diff --git a/vendor/curl/premake5.lua b/vendor/curl/premake5.lua
index 5826946822..772d8b3dbc 100644
--- a/vendor/curl/premake5.lua
+++ b/vendor/curl/premake5.lua
@@ -4,7 +4,7 @@ project "curl"
 kind "StaticLib"
 targetname "curl"
- includedirs { "include", "lib", "../mbedtls/2.28.0/include", "../zlib" }
+ includedirs { "include", "lib", "../mbedtls/include", "../zlib" }
 defines { "BUILDING_LIBCURL", "CURL_STATICLIB", "HTTP_ONLY", "USE_ZLIB", "HAVE_LIBZ", "HAVE_ZLIB_H", "HAVE_CONFIG_H" }
 warnings "off"
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/README.md b/vendor/mbedtls/3rdparty/everest/README.md
similarity index 87%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/README.md
rename to vendor/mbedtls/3rdparty/everest/README.md
index 0e25466626..bcf12c0c05 100644
--- a/vendor/mbedtls/2.28.0/3rdparty/everest/README.md
+++ b/vendor/mbedtls/3rdparty/everest/README.md
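Review bot: The new `includedirs` entry drops the version from the mbedtls path, so this build file no longer records which Mbed TLS release curl is compiled against; unless that is tracked elsewhere in the repository, a one-line comment above the entry, e.g. `-- vendor/mbedtls is Mbed TLS <VENDORED_VERSION> (upstream tag); update when re-vendoring`, keeps the version visible for future upgrades and advisory triage. The README hunks further down suggest the vendored copy was refreshed in the same commit, so the old `2.28.0` in the path was probably already stale before this change. A `vendor/mbedtls/VERSION` style marker next to the sources would serve the same purpose if you prefer not to put it in the build script.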
@@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest.
 This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
-The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/Hacl_Curve25519.h b/vendor/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/Hacl_Curve25519.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/everest.h b/vendor/mbedtls/3rdparty/everest/include/everest/everest.h
similarity index 99%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/everest.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/everest.h
index 58065001f4..392e7924a9 100644
--- a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/everest.h
+++ b/vendor/mbedtls/3rdparty/everest/include/everest/everest.h
@@ -96,7 +96,7 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen
 void *p_rng );
 /**
- * \brief This function parses and processes a TLS ServerKeyExhange
+ * \brief This function parses and processes a TLS ServerKeyExchange
 * payload.
 *
 * This is the first function used by a TLS client for ECDHE
@@ -116,7 +116,7 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
 const unsigned char **buf, const unsigned char *end );
 /**
- * \brief This function parses and processes a TLS ServerKeyExhange
+ * \brief This function parses and processes a TLS ServerKeyExchange
 * payload.
 *
 * This is the first function used by a TLS client for ECDHE
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlib.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlib.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/c_endianness.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/c_endianness.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/builtin.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/builtin.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/callconv.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/compat.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/compat.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/debug.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/debug.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/target.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/target.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/types.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/types.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h b/vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h b/vendor/mbedtls/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/inttypes.h b/vendor/mbedtls/3rdparty/everest/include/everest/vs2010/inttypes.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/inttypes.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/vs2010/inttypes.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/stdbool.h b/vendor/mbedtls/3rdparty/everest/include/everest/vs2010/stdbool.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/vs2010/stdbool.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/vs2010/stdbool.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/x25519.h b/vendor/mbedtls/3rdparty/everest/include/everest/x25519.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/x25519.h
rename to vendor/mbedtls/3rdparty/everest/include/everest/x25519.h
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/Hacl_Curve25519.c b/vendor/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/Hacl_Curve25519.c
rename to vendor/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/Hacl_Curve25519_joined.c b/vendor/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/Hacl_Curve25519_joined.c
rename to vendor/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/everest.c b/vendor/mbedtls/3rdparty/everest/library/everest.c
similarity index 97%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/everest.c
rename to vendor/mbedtls/3rdparty/everest/library/everest.c
index 82c4e03adb..fefc6a2ce4 100644
--- a/vendor/mbedtls/2.28.0/3rdparty/everest/library/everest.c
+++ b/vendor/mbedtls/3rdparty/everest/library/everest.c
@@ -28,12 +28,7 @@
 #include "everest/x25519.h"
 #include "everest/everest.h"
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c b/vendor/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
rename to vendor/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c b/vendor/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
rename to vendor/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/legacy/Hacl_Curve25519.c b/vendor/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/legacy/Hacl_Curve25519.c
rename to vendor/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c
diff --git a/vendor/mbedtls/2.28.0/3rdparty/everest/library/x25519.c b/vendor/mbedtls/3rdparty/everest/library/x25519.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/3rdparty/everest/library/x25519.c
rename to vendor/mbedtls/3rdparty/everest/library/x25519.c
diff --git a/vendor/mbedtls/2.28.0/LICENSE b/vendor/mbedtls/LICENSE
similarity index 100%
rename from vendor/mbedtls/2.28.0/LICENSE
rename to vendor/mbedtls/LICENSE
diff --git a/vendor/mbedtls/2.28.0/README.md b/vendor/mbedtls/README.md
similarity index 89%
rename from vendor/mbedtls/2.28.0/README.md
rename to vendor/mbedtls/README.md
index eb3829cd8c..833e2cd494 100644
--- a/vendor/mbedtls/2.28.0/README.md
+++ b/vendor/mbedtls/README.md
@@ -17,7 +17,9 @@ We provide some non-standard configurations focused on specific use cases in the
 Documentation
 -------------
-Documentation for the Mbed TLS interfaces in the default library configuration is available as part of the [Mbed TLS documentation](https://tls.mbed.org/api/).
+The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/).
+
+Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/).
 To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
@@ -77,9 +79,9 @@ Setting the variable `SHARED` in your environment will build shared libraries in
 Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line.
-Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
+Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/) for articles on your platform or issue.
-In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://tls.mbed.org/kb).
+In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/).
 ### CMake
@@ -185,7 +187,7 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad
 - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
 - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
 - `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
-- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
+- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on.
 - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
 Porting Mbed TLS
@@ -193,9 +195,9 @@ Porting Mbed TLS
 Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful:
-- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
-- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
-- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
+- [Porting Mbed TLS to a new environment or OS](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS/)
+- [What external dependencies does Mbed TLS rely on?](https://mbed-tls.readthedocs.io/en/latest/kb/development/what-external-dependencies-does-mbedtls-rely-on/)
+- [How do I configure Mbed TLS](https://mbed-tls.readthedocs.io/en/latest/kb/compiling-and-building/how-do-i-configure-mbedtls/)
 Mbed TLS is mostly written in portable C99; however, it has a few platform requirements that go beyond the standard, but are met by most modern architectures:
@@ -208,11 +210,11 @@ Mbed TLS is mostly written in portable C99; however, it has a few platform requi
 PSA cryptography API
 --------------------
-### PSA API design
+### PSA API
 Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
-The [PSA cryptography API](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
+The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
 The design goals of the PSA cryptography API include:
@@ -224,10 +226,6 @@ The design goals of the PSA cryptography API include:
 Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially.
-### PSA API documentation
-
-A browsable copy of the PSA Cryptography API documents is available on the [PSA cryptography interfaces documentation portal](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) in [PDF](https://armmbed.github.io/mbed-crypto/PSA_Cryptography_API_Specification.pdf) and [HTML](https://armmbed.github.io/mbed-crypto/html/index.html) formats.
-
 ### PSA implementation in Mbed TLS
 Mbed TLS includes a reference implementation of the PSA Cryptography API.
@@ -235,7 +233,7 @@ This implementation is not yet as mature as the rest of the library. Some parts
 The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `config.h`.
-There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
+There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/Mbed-TLS/mbed-crypto/labels/compliance) for an up-to-date list.
 ### Upcoming features
@@ -260,5 +258,5 @@ Contact
 -------
 * To report a security vulnerability in Mbed TLS, please email . For more information, see [`SECURITY.md`](SECURITY.md).
-* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose).
+* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose).
 * Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS.
diff --git a/vendor/mbedtls/2.28.0/configs/README.txt b/vendor/mbedtls/configs/README.txt
similarity index 100%
rename from vendor/mbedtls/2.28.0/configs/README.txt
rename to vendor/mbedtls/configs/README.txt
diff --git a/vendor/mbedtls/configs/config-ccm-psk-dtls1_2.h b/vendor/mbedtls/configs/config-ccm-psk-dtls1_2.h
new file mode 100644
index 0000000000..78b75c860b
--- /dev/null
+++ b/vendor/mbedtls/configs/config-ccm-psk-dtls1_2.h
@@ -0,0 +1,110 @@
+/**
+ * \file config-ccm-psk-dtls1_2.h
+ *
+ * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
+ *
+ * Distinguishing features:
+ * - Optimized for small code size, low bandwidth (on an unreliable transport),
+ * and low RAM usage.
+ * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
+ * exchange).
+ * - Fully modern and secure (provided the pre-shared keys are generated and
+ * stored securely).
+ * - Very low record overhead with CCM-8.
+ * - Includes several optional DTLS features typically used in IoT.
+ *
+ * See README.txt for usage instructions.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
+
+/* Mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_TIMING_C
+
+/* TLS protocol feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES \
+ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
+ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
+ * The optimal size here depends on the typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 256
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source plus a weak clock source, but you may
+ * want to add other ones. Minimum is 3 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 3
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/vendor/mbedtls/2.28.0/configs/config-ccm-psk-tls1_2.h b/vendor/mbedtls/configs/config-ccm-psk-tls1_2.h
similarity index 77%
rename from vendor/mbedtls/2.28.0/configs/config-ccm-psk-tls1_2.h
rename to vendor/mbedtls/configs/config-ccm-psk-tls1_2.h
index c58d150d9d..3216e17f3a 100644
--- a/vendor/mbedtls/2.28.0/configs/config-ccm-psk-tls1_2.h
+++ b/vendor/mbedtls/configs/config-ccm-psk-tls1_2.h
@@ -21,11 +21,15 @@
 */
 /*
 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ *
 * Distinguishing features:
- * - no bignum, no PK, no X509
- * - fully modern and secure (provided the pre-shared keys have high entropy)
- * - very low record overhead with CCM-8
- * - optimized for low RAM usage
+ * - Optimized for small code size, low bandwidth (on a reliable transport),
+ * and low RAM usage.
+ * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
+ * exchange).
+ * - Fully modern and secure (provided the pre-shared keys are generated and
+ * stored securely).
+ * - Very low record overhead with CCM-8.
 *
 * See README.txt for usage instructions.
 */
@@ -36,11 +40,7 @@
 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
-/* mbed TLS feature support */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/* mbed TLS modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_CCM_C
 #define MBEDTLS_CIPHER_C
@@ -53,18 +53,9 @@
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-/* Save some RAM by adjusting to your exact needs */
-#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
-
-/*
- * You should adjust this to the exact number of sources you're using: default
- * is the "platform_entropy_poll" source, but you may want to add other ones
- * Minimum is 2 for the entropy test suite.
- */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+/* TLS protocol feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
 /*
 * Use only CCM_8 ciphersuites, and
@@ -81,6 +72,29 @@
 */
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
+
 #include "mbedtls/check_config.h"
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/vendor/mbedtls/2.28.0/configs/config-mini-tls1_1.h b/vendor/mbedtls/configs/config-mini-tls1_1.h
similarity index 80%
rename from vendor/mbedtls/2.28.0/configs/config-mini-tls1_1.h
rename to vendor/mbedtls/configs/config-mini-tls1_1.h
index 638c1e260a..78e31d5488 100644
--- a/vendor/mbedtls/2.28.0/configs/config-mini-tls1_1.h
+++ b/vendor/mbedtls/configs/config-mini-tls1_1.h
@@ -71,6 +71,20 @@
 /* For testing with compat.sh */
 #define MBEDTLS_FS_IO
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* With MBEDTLS_PSA_CRYPTO_C, importing an RSA key requires MBEDTLS_PK_WRITE_C */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#define MBEDTLS_PK_WRITE_C
+#endif
 #include "mbedtls/check_config.h"
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
+
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/vendor/mbedtls/2.28.0/configs/config-no-entropy.h b/vendor/mbedtls/configs/config-no-entropy.h
similarity index 98%
rename from vendor/mbedtls/2.28.0/configs/config-no-entropy.h
rename to vendor/mbedtls/configs/config-no-entropy.h
index 04c1213f91..63f9411a36 100644
--- a/vendor/mbedtls/2.28.0/configs/config-no-entropy.h
+++ b/vendor/mbedtls/configs/config-no-entropy.h
@@ -21,7 +21,7 @@
 */
 /*
 * Minimal configuration of features that do not require an entropy source
- * Distinguishing reatures:
+ * Distinguishing features:
 * - no entropy module
 * - no TLS protocol implementation available due to absence of an entropy
 * source
diff --git a/vendor/mbedtls/2.28.0/configs/config-suite-b.h b/vendor/mbedtls/configs/config-suite-b.h
similarity index 85%
rename from vendor/mbedtls/2.28.0/configs/config-suite-b.h
rename to vendor/mbedtls/configs/config-suite-b.h
index 9cad382739..29897fd5f5 100644
--- a/vendor/mbedtls/2.28.0/configs/config-suite-b.h
+++ b/vendor/mbedtls/configs/config-suite-b.h
@@ -103,12 +103,27 @@
 /*
 * Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection! (See coments in "mbedtls/ssl.h".)
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
 * The minimum size here depends on the certificate chain used as well as the
 * typical size of records.
 */
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* With USE_PSA_CRYPTO, some PK operations also need PK_WRITE */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define MBEDTLS_PK_WRITE_C
+#endif
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
+
 #include "mbedtls/check_config.h"
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/vendor/mbedtls/2.28.0/configs/config-symmetric-only.h b/vendor/mbedtls/configs/config-symmetric-only.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/configs/config-symmetric-only.h
rename to vendor/mbedtls/configs/config-symmetric-only.h
diff --git a/vendor/mbedtls/2.28.0/configs/config-thread.h b/vendor/mbedtls/configs/config-thread.h
similarity index 92%
rename from vendor/mbedtls/2.28.0/configs/config-thread.h
rename to vendor/mbedtls/configs/config-thread.h
index 8464fcb1bd..de24158ae1 100644
--- a/vendor/mbedtls/2.28.0/configs/config-thread.h
+++ b/vendor/mbedtls/configs/config-thread.h
@@ -86,6 +86,11 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 +/* These defines are present so that the config modifying scripts can enable + * them during tests/scripts/test-ref-configs.pl */ +//#define MBEDTLS_USE_PSA_CRYPTO +//#define MBEDTLS_PSA_CRYPTO_C + #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/vendor/mbedtls/2.28.0/dco.txt b/vendor/mbedtls/dco.txt similarity index 100% rename from vendor/mbedtls/2.28.0/dco.txt rename to vendor/mbedtls/dco.txt diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/aes.h b/vendor/mbedtls/include/mbedtls/aes.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/aes.h rename to vendor/mbedtls/include/mbedtls/aes.h index e280dbb1c6..401ac39de8 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/aes.h +++ b/vendor/mbedtls/include/mbedtls/aes.h @@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * for example, with 96-bit random nonces, you should not encrypt * more than 2**32 messages with the same key. * - * Note that for both stategies, sizes are measured in blocks and + * Note that for both strategies, sizes are measured in blocks and * that an AES block is 16 bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/aesni.h b/vendor/mbedtls/include/mbedtls/aesni.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/aesni.h rename to vendor/mbedtls/include/mbedtls/aesni.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/arc4.h b/vendor/mbedtls/include/mbedtls/arc4.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/arc4.h rename to vendor/mbedtls/include/mbedtls/arc4.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/aria.h b/vendor/mbedtls/include/mbedtls/aria.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/aria.h rename to vendor/mbedtls/include/mbedtls/aria.h index 226e2dbf3c..d294c47f2d 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/aria.h +++ b/vendor/mbedtls/include/mbedtls/aria.h @@ -44,7 +44,7 @@ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ #define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ -#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ +#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * for example, with 96-bit random nonces, you should not encrypt * more than 2**32 messages with the same key. * - * Note that for both stategies, sizes are measured in blocks and + * Note that for both strategies, sizes are measured in blocks and * that an ARIA block is 16 bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/asn1.h b/vendor/mbedtls/include/mbedtls/asn1.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/asn1.h rename to vendor/mbedtls/include/mbedtls/asn1.h index 10f7905b7e..5117fc7a41 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/asn1.h +++ b/vendor/mbedtls/include/mbedtls/asn1.h @@ -61,7 +61,7 @@ /** Buffer too small when writing ASN.1 data structure. */ #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C -/* \} name */ +/** \} name ASN1 Error codes */ /** * \name DER constants 
@@ -121,8 +121,7 @@ #define MBEDTLS_ASN1_TAG_PC_MASK 0x20 #define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F -/* \} name */ -/* \} addtogroup asn1_module */ +/** \} name DER constants */ /** Returns the size of the binary string, without the trailing \\0 */ #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) @@ -210,7 +209,7 @@ mbedtls_asn1_named_data; * \return 0 if successful. * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element * would end beyond \p end. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. + * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable. */ int mbedtls_asn1_get_len( unsigned char **p, const unsigned char *end, @@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p, * with the requested tag. * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element * would end beyond \p end. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. + * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable. */ int mbedtls_asn1_get_tag( unsigned char **p, const unsigned char *end, @@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); */ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ); +/** \} name Functions to parse ASN.1 data structures */ +/** \} addtogroup asn1_module */ + #ifdef __cplusplus } #endif diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/asn1write.h b/vendor/mbedtls/include/mbedtls/asn1write.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/asn1write.h rename to vendor/mbedtls/include/mbedtls/asn1write.h index 44afae0e56..5da7654bb4 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/asn1write.h +++ b/vendor/mbedtls/include/mbedtls/asn1write.h 
@@ -90,7 +90,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, #if defined(MBEDTLS_BIGNUM_C) /** - * \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER) + * \brief Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER) * in ASN.1 format. * * \note This function works backwards in data buffer. diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/base64.h b/vendor/mbedtls/include/mbedtls/base64.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/base64.h rename to vendor/mbedtls/include/mbedtls/base64.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/bignum.h b/vendor/mbedtls/include/mbedtls/bignum.h similarity index 95% rename from vendor/mbedtls/2.28.0/include/mbedtls/bignum.h rename to vendor/mbedtls/include/mbedtls/bignum.h index 9d2cff3275..c61db82c6d 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/bignum.h +++ b/vendor/mbedtls/include/mbedtls/bignum.h @@ -182,6 +182,20 @@ #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ +/** \typedef mbedtls_mpi_uint + * \brief The type of machine digits in a bignum, called _limbs_. + * + * This is always an unsigned integer type with no padding bits. The size + * is platform-dependent. + */ + +/** \typedef mbedtls_mpi_sint + * \brief The signed type corresponding to #mbedtls_mpi_uint. + * + * This is always a signed integer type with no padding bits. The size + * is platform-dependent. + */ + #ifdef __cplusplus extern "C" { #endif 
@@ -191,9 +205,27 @@ extern "C" { */ typedef struct mbedtls_mpi { - int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ - size_t n; /*!< total # of limbs */ - mbedtls_mpi_uint *p; /*!< pointer to limbs */ + /** Sign: -1 if the mpi is negative, 1 otherwise. + * + * The number 0 must be represented with `s = +1`. Although many library + * functions treat all-limbs-zero as equivalent to a valid representation + * of 0 regardless of the sign bit, there are exceptions, so bignum + * functions and external callers must always set \c s to +1 for the + * number zero. + * + * Note that this implies that calloc() or `... = {0}` does not create + * a valid MPI representation. You must call mbedtls_mpi_init(). + */ + int s; + + /** Total number of limbs in \c p. */ + size_t n; + + /** Pointer to limbs. + * + * This may be \c NULL if \c n is 0. + */ + mbedtls_mpi_uint *p; } mbedtls_mpi; @@ -280,7 +312,7 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); * \param Y The MPI to be assigned from. This must point to an * initialized MPI. * \param assign The condition deciding whether to perform the - * assignment or not. Possible values: + * assignment or not. Must be either 0 or 1: * * \c 1: Perform the assignment `X = Y`. * * \c 0: Keep the original value of \p X. * @@ -291,6 +323,10 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); * information through branch prediction and/or memory access * patterns analysis). * + * \warning If \p assign is neither 0 nor 1, the result of this function + * is indeterminate, and the resulting value in \p X might be + * neither its original value nor the value in \p Y. + * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. 
@@ -303,24 +339,28 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned * * \param X The first MPI. This must be initialized. * \param Y The second MPI. This must be initialized. - * \param assign The condition deciding whether to perform - * the swap or not. Possible values: + * \param swap The condition deciding whether to perform + * the swap or not. Must be either 0 or 1: * * \c 1: Swap the values of \p X and \p Y. * * \c 0: Keep the original values of \p X and \p Y. * * \note This function is equivalent to - * if( assign ) mbedtls_mpi_swap( X, Y ); + * if( swap ) mbedtls_mpi_swap( X, Y ); * except that it avoids leaking any information about whether - * the assignment was done or not (the above code may leak + * the swap was done or not (the above code may leak * information through branch prediction and/or memory access * patterns analysis). * + * \warning If \p swap is neither 0 nor 1, the result of this function + * is indeterminate, and both \p X and \p Y might end up with + * values different to either of the original ones. + * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. * */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); +int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap ); /** * \brief Store integer value in MPI. 
@@ -753,11 +793,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A or B. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. - * \param A The dividend. This must point to an initialized MPi. + * remainder is not needed. This must not alias A or B. + * \param A The dividend. This must point to an initialized MPI. * \param B The divisor. This must point to an initialized MPI. * * \return \c 0 if successful. @@ -774,10 +814,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. + * remainder is not needed. This must not alias A. * \param A The dividend. This must point to an initialized MPi. * \param b The divisor. * @@ -832,6 +872,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \brief Perform a sliding-window exponentiation: X = A^E mod N * * \param X The destination MPI. This must point to an initialized MPI. + * This must not alias E or N. * \param A The base of the exponentiation. * This must point to an initialized MPI. * \param E The exponent MPI. This must point to an initialized MPI. 
@@ -989,7 +1030,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * generate yourself and that are supposed to be prime, then * \p rounds should be at least the half of the security * strength of the cryptographic algorithm. On the other hand, - * if \p X is chosen uniformly or non-adversially (as is the + * if \p X is chosen uniformly or non-adversarially (as is the * case when mbedtls_mpi_gen_prime calls this function), then * \p rounds can be much lower. * diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/blowfish.h b/vendor/mbedtls/include/mbedtls/blowfish.h similarity index 98% rename from vendor/mbedtls/2.28.0/include/mbedtls/blowfish.h rename to vendor/mbedtls/include/mbedtls/blowfish.h index 77dca70d31..d5f809921f 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/blowfish.h +++ b/vendor/mbedtls/include/mbedtls/blowfish.h @@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or * #MBEDTLS_BLOWFISH_DECRYPT for decryption. * \param length The length of the input data in Bytes. - * \param iv_off The offset in the initialiation vector. + * \param iv_off The offset in the initialization vector. * The value pointed to must be smaller than \c 8 Bytes. * It is updated by this function to support the aforementioned * streaming usage. @@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * The recommended way to ensure uniqueness is to use a message * counter. * - * Note that for both stategies, sizes are measured in blocks and + * Note that for both strategies, sizes are measured in blocks and * that a Blowfish block is 8 bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/bn_mul.h b/vendor/mbedtls/include/mbedtls/bn_mul.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/mbedtls/bn_mul.h rename to vendor/mbedtls/include/mbedtls/bn_mul.h index 31137cd4c2..a3fc363815 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/bn_mul.h +++ b/vendor/mbedtls/include/mbedtls/bn_mul.h @@ -94,13 +94,29 @@ #if defined(__GNUC__) && \ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) +/* + * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a + * fixed reserved register when building as PIC, leading to errors + * like: bn_mul.h:46:13: error: PIC register clobbered by 'ebx' in 'asm' + * + * This is fixed by an improved register allocator in GCC 5+. From the + * release notes: + * Register allocation improvements: Reuse of the PIC hard register, + * instead of using a fixed register, was implemented on x86/x86-64 + * targets. This improves generated PIC code performance as more hard + * registers can be used. + */ +#if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__) +#define MULADDC_CANNOT_USE_EBX +#endif + /* * Disable use of the i386 assembly code below if option -O0, to disable all * compiler optimisations, is passed, detected with __OPTIMIZE__ * This is done as the number of registers used in the assembly code doesn't * work with the -O0 option. */ -#if defined(__i386__) && defined(__OPTIMIZE__) +#if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX) #define MULADDC_INIT \ asm( \ 
@@ -563,10 +579,20 @@ "andi r7, r6, 0xffff \n\t" \ "bsrli r6, r6, 16 \n\t" -#define MULADDC_CORE \ +#if(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) +#define MULADDC_LHUI \ + "lhui r9, r3, 0 \n\t" \ + "addi r3, r3, 2 \n\t" \ + "lhui r8, r3, 0 \n\t" +#else +#define MULADDC_LHUI \ "lhui r8, r3, 0 \n\t" \ "addi r3, r3, 2 \n\t" \ - "lhui r9, r3, 0 \n\t" \ + "lhui r9, r3, 0 \n\t" +#endif + +#define MULADDC_CORE \ + MULADDC_LHUI \ "addi r3, r3, 2 \n\t" \ "mul r10, r9, r6 \n\t" \ "mul r11, r8, r7 \n\t" \ diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/camellia.h b/vendor/mbedtls/include/mbedtls/camellia.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/camellia.h rename to vendor/mbedtls/include/mbedtls/camellia.h index 925a623e47..d39d932fa2 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/camellia.h +++ b/vendor/mbedtls/include/mbedtls/camellia.h @@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * encrypted: for example, with 96-bit random nonces, you should * not encrypt more than 2**32 messages with the same key. * - * Note that for both stategies, sizes are measured in blocks and + * Note that for both strategies, sizes are measured in blocks and * that a CAMELLIA block is \c 16 Bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ccm.h b/vendor/mbedtls/include/mbedtls/ccm.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/ccm.h rename to vendor/mbedtls/include/mbedtls/ccm.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/certs.h b/vendor/mbedtls/include/mbedtls/certs.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/certs.h rename to vendor/mbedtls/include/mbedtls/certs.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/chacha20.h b/vendor/mbedtls/include/mbedtls/chacha20.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/chacha20.h rename to vendor/mbedtls/include/mbedtls/chacha20.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/chachapoly.h b/vendor/mbedtls/include/mbedtls/chachapoly.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/chachapoly.h rename to vendor/mbedtls/include/mbedtls/chachapoly.h index c4ec7b5f2a..ed568bc98b 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/chachapoly.h +++ b/vendor/mbedtls/include/mbedtls/chachapoly.h @@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \param ctx The ChaCha20-Poly1305 context. This must be initialized * and bound to a key. * \param nonce The nonce/IV to use for the message. - * This must be a redable buffer of length \c 12 Bytes. + * This must be a readable buffer of length \c 12 Bytes. * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning). * diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/check_config.h b/vendor/mbedtls/include/mbedtls/check_config.h similarity index 92% rename from vendor/mbedtls/2.28.0/include/mbedtls/check_config.h rename to vendor/mbedtls/include/mbedtls/check_config.h index 396fe7dfc2..7ae1ff94db 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/check_config.h +++ b/vendor/mbedtls/include/mbedtls/check_config.h @@ -173,7 +173,11 @@ #endif #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" +#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C) +#error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ 
@@ -214,11 +218,32 @@ #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too" #endif +#if defined(MBEDTLS_CCM_C) && ( \ + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) +#error "MBEDTLS_CCM_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C) +#error "MBEDTLS_CCM_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_GCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C) +#error "MBEDTLS_GCM_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C) +#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C) +#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites" #endif @@ -338,11 +363,11 @@ #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites" +#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites" #endif #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites" +#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites" #endif #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM) 
@@ -500,6 +525,20 @@ #error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" #endif +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) +#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) +#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\ + defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) ) +#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\ !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" @@ -619,6 +658,17 @@ #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO." #endif +#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C) +#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \ + MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined." +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) && \ + !( defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) ) +#error "MBEDTLS_PSA_CRYPTO_C with MBEDTLS_RSA_C requires MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" 
@@ -761,20 +811,25 @@ !defined(MBEDTLS_SSL_PROTO_TLS1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites" +#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites" #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ !defined(MBEDTLS_SSL_PROTO_TLS1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites" +#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites" #endif #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_TICKET_C) && \ + !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \ !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1) #error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites" @@ -889,6 +944,10 @@ #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" +#endif + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/cipher.h b/vendor/mbedtls/include/mbedtls/cipher.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/cipher.h rename to vendor/mbedtls/include/mbedtls/cipher.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/cipher_internal.h b/vendor/mbedtls/include/mbedtls/cipher_internal.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/cipher_internal.h rename to vendor/mbedtls/include/mbedtls/cipher_internal.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/cmac.h b/vendor/mbedtls/include/mbedtls/cmac.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/cmac.h rename to vendor/mbedtls/include/mbedtls/cmac.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/compat-1.3.h b/vendor/mbedtls/include/mbedtls/compat-1.3.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/compat-1.3.h rename to vendor/mbedtls/include/mbedtls/compat-1.3.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/config.h b/vendor/mbedtls/include/mbedtls/config.h similarity index 95% rename from vendor/mbedtls/2.28.0/include/mbedtls/config.h rename to vendor/mbedtls/include/mbedtls/config.h index 87b4e9192e..61db79362f 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/config.h +++ b/vendor/mbedtls/include/mbedtls/config.h @@ -128,7 +128,12 @@ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and * MBEDTLS_PLATFORM_STD_TIME. * - * Comment if your system does not support time functions + * Comment if your system does not support time functions. + * + * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing + * interface - timing.c will include time.h on suitable platforms + * regardless of the setting of MBEDTLS_HAVE_TIME, unless + * MBEDTLS_TIMING_ALT is used. See timing.c for more information. */ #define MBEDTLS_HAVE_TIME @@ -321,7 +326,7 @@ */ //#define MBEDTLS_CHECK_PARAMS_ASSERT -/* \} name SECTION: System support */ +/** \} name SECTION: System support */ /** * \name SECTION: mbed TLS feature support 
@@ -395,7 +400,7 @@ //#define MBEDTLS_XTEA_ALT /* - * When replacing the elliptic curve module, pleace consider, that it is + * When replacing the elliptic curve module, please consider, that it is * implemented with two .c files: * - ecp.c * - ecp_curves.c @@ -1324,7 +1329,7 @@ * Include backtrace information with each allocated block. * * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support + * GLIBC-compatible backtrace() and backtrace_symbols() support * * Uncomment this macro to include backtrace information */ @@ -1493,7 +1498,7 @@ * Enable an implementation of SHA-256 that has lower ROM footprint but also * lower performance. * - * The default implementation is meant to be a reasonnable compromise between + * The default implementation is meant to be a reasonable compromise between * performance and size. This version optimizes more aggressively for size at * the expense of performance. Eg on Cortex-M4 it reduces the size of * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about @@ -1615,6 +1620,8 @@ * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * + * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * * Comment to disable the context serialization APIs. */ #define MBEDTLS_SSL_CONTEXT_SERIALIZATION @@ -1658,7 +1665,7 @@ * Enable support for RFC 7627: Session Hash and Extended Master Secret * Extension. * - * This was introduced as "the proper fix" to the Triple Handshake familiy of + * This was introduced as "the proper fix" to the Triple Handshake family of * attacks, but it is recommended to always use it (even if you disable * renegotiation), since it actually fixes a more fundamental issue in the * original SSL/TLS design, and has implications beyond Triple Handshake. 
@@ -1704,7 +1711,7 @@ * \note This option has no influence on the protection against the * triple handshake attack. Even if it is disabled, Mbed TLS will * still ensure that certificates do not change during renegotiation, - * for exaple by keeping a hash of the peer's certificate. + * for example by keeping a hash of the peer's certificate. * * Comment this macro to disable storing the peer's certificate * after the handshake. @@ -1909,7 +1916,7 @@ * unless you know for sure amplification cannot be a problem in the * environment in which your server operates. * - * \warning Disabling this can ba a security risk! (see above) + * \warning Disabling this can be a security risk! (see above) * * Requires: MBEDTLS_SSL_PROTO_DTLS * @@ -2162,8 +2169,19 @@ * This setting allows support for cryptographic mechanisms through the PSA * API to be configured separately from support through the mbedtls API. * - * Uncomment this to enable use of PSA Crypto configuration settings which - * can be found in include/psa/crypto_config.h. + * When this option is disabled, the PSA API exposes the cryptographic + * mechanisms that can be implemented on top of the `mbedtls_xxx` API + * configured with `MBEDTLS_XXX` symbols. + * + * When this option is enabled, the PSA API exposes the cryptographic + * mechanisms requested by the `PSA_WANT_XXX` symbols defined in + * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are + * automatically enabled if required (i.e. if no PSA driver provides the + * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols + * in config.h. + * + * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies + * an alternative header to include instead of include/psa/crypto_config.h. * * If you enable this option and write your own configuration file, you must * include mbedtls/config_psa.h in your configuration file. The default 
@@ -2289,7 +2307,7 @@ * Uncomment to enable use of ZLIB */ //#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ +/** \} name SECTION: mbed TLS feature support */ /** * \name SECTION: mbed TLS modules @@ -2409,7 +2427,7 @@ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA * * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. If possible, we recommend avoidng dependencies on + * security risk. If possible, we recommend avoiding dependencies on * it, and considering stronger ciphers instead. * */ @@ -2902,7 +2920,7 @@ * * Requires: MBEDTLS_MD_C * - * Uncomment to enable the HMAC_DRBG random number geerator. + * Uncomment to enable the HMAC_DRBG random number generator. */ #define MBEDTLS_HMAC_DRBG_C @@ -3014,7 +3032,7 @@ * * \note See also our Knowledge Base article about porting to a new * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * * Module: library/net_sockets.c * @@ -3096,7 +3114,7 @@ /** * \def MBEDTLS_PK_C * - * Enable the generic public (asymetric) key layer. + * Enable the generic public (asymmetric) key layer. * * Module: library/pk.c * Caller: library/ssl_tls.c @@ -3112,7 +3130,7 @@ /** * \def MBEDTLS_PK_PARSE_C * - * Enable the generic public (asymetric) key parser. + * Enable the generic public (asymmetric) key parser. * * Module: library/pkparse.c * Caller: library/x509_crt.c @@ -3127,7 +3145,7 @@ /** * \def MBEDTLS_PK_WRITE_C * - * Enable the generic public (asymetric) key writer. + * Enable the generic public (asymmetric) key writer. * * Module: library/pkwrite.c * Caller: library/x509write.c @@ -3384,7 +3402,8 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_CIPHER_C + * Requires: MBEDTLS_CIPHER_C && + * ( MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C ) */ #define MBEDTLS_SSL_TICKET_C 
@@ -3440,7 +3459,7 @@ * contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading + * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading * * Module: library/threading.c * @@ -3466,9 +3485,13 @@ * your own implementation of the whole module by setting * \c MBEDTLS_TIMING_ALT in the current file. * + * \note The timing module will include time.h on suitable platforms + * regardless of the setting of MBEDTLS_HAVE_TIME, unless + * MBEDTLS_TIMING_ALT is used. See timing.c for more information. + * * \note See also our Knowledge Base article about porting to a new * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * * Module: library/timing.c * Caller: library/havege.c 
@@ -3598,7 +3621,88 @@ */ #define MBEDTLS_XTEA_C -/* \} name SECTION: mbed TLS modules */ +/** \} name SECTION: mbed TLS modules */ + +/** + * \name SECTION: General configuration options + * + * This section contains Mbed TLS build settings that are not associated + * with a particular module. + * + * \{ + */ + +/** + * \def MBEDTLS_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"mbedtls/config.h"`. + * This header file specifies the compile-time configuration of Mbed TLS. + * Unlike other configuration options, this one must be defined on the + * compiler command line: a definition in `config.h` would have no effect. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h" + +/** + * \def MBEDTLS_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_config.h"`. 
+ * This header file specifies which cryptographic mechanisms are available + * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and + * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" + +/** \} name SECTION: General configuration options */ /** * \name SECTION: Module configuration options 
@@ -3609,11 +3713,15 @@ * * Our advice is to enable options and change their values here * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). * \{ */ +/* The Doxygen documentation here is used when a user comments out a + * setting and runs doxygen themselves. On the other hand, when we typeset + * the full documentation including disabled settings, the documentation + * in specific modules' header files is used if present. When editing this + * file, make sure that each option is documented in exactly one place, + * plus optionally a same-line Doxygen comment here if there is a Doxygen + * comment in the specific module. */ /* MPI / BIGNUM options */ //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ @@ -4002,7 +4110,7 @@ */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED -/* \} name SECTION: Customisation configuration options */ +/** \} name SECTION: Module configuration options */ /* Target and application specific configurations * diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/mbedtls/config_psa.h rename to vendor/mbedtls/include/mbedtls/config_psa.h index 189f6c2173..d27fb54b03 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/config_psa.h +++ b/vendor/mbedtls/include/mbedtls/config_psa.h @@ -7,7 +7,7 @@ * those definitions to define symbols used in the library code. * * Users and integrators should not edit this file, please edit - * include/mbedtls/config.h for MBETLS_XXX settings or + * include/mbedtls/config.h for MBEDTLS_XXX settings or * include/psa/crypto_config.h for PSA_WANT_XXX settings. */ /* 
@@ -31,9 +31,17 @@ #define MBEDTLS_CONFIG_PSA_H #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE) +#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE +#else #include "psa/crypto_config.h" +#endif #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ +#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE) +#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE +#endif + #ifdef __cplusplus extern "C" { #endif @@ -264,7 +272,6 @@ extern "C" { #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \ (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \ (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \ - (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \ defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \ @@ -393,15 +400,8 @@ extern "C" { #endif #endif /* PSA_WANT_ALG_OFB */ -#if defined(PSA_WANT_ALG_XTS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1 -#define MBEDTLS_CIPHER_MODE_XTS -#endif -#endif /* PSA_WANT_ALG_XTS */ - -#if defined(PSA_WANT_ALG_ECB_NO_PADDING) +#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 #endif @@ -446,6 +446,8 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) #if defined(PSA_WANT_KEY_TYPE_CHACHA20) #define MBEDTLS_CHACHAPOLY_C +#define MBEDTLS_CHACHA20_C +#define MBEDTLS_POLY1305_C #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 #endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ 
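Review bot: A configuration that still sets `PSA_WANT_ALG_XTS` now loses XTS silently: the first hunk drops XTS from the soft-block-cipher condition and the third deletes the `MBEDTLS_PSA_BUILTIN_ALG_XTS` / `MBEDTLS_CIPHER_MODE_XTS` mapping, but nothing replaces the request with a diagnostic, unlike the Curve448 and SECP224K1 cases later in this same file which `#error`. If the PSA API in this version no longer services XTS requests at all, the same treatment would stop an integrator from building with a cipher they believe is enabled: `#if defined(PSA_WANT_ALG_XTS)` / `#error "XTS is not supported via the PSA API in this Mbed TLS version."` / `#endif`. Separately, the new `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` include sits outside the `MBEDTLS_PSA_CRYPTO_CONFIG` guard, so it is pulled in even when `psa/crypto_config.h` itself is not; that may be intended, but the config.h text describing it as included "after" the crypto config does not say so, and a one-line comment here (`/* Included regardless of MBEDTLS_PSA_CRYPTO_CONFIG */`) would make the ordering explicit.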
@@ -483,7 +485,7 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) /* * Curve448 is not yet supported via the PSA API in Mbed TLS - * (https://github.com/ARMmbed/mbedtls/issues/4249). + * (https://github.com/Mbed-TLS/mbedtls/issues/4249). */ #error "Curve448 is not yet supported via the PSA API in Mbed TLS." #define MBEDTLS_ECP_DP_CURVE448_ENABLED @@ -537,7 +539,7 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) /* * SECP224K1 is buggy via the PSA API in Mbed TLS - * (https://github.com/ARMmbed/mbedtls/issues/3541). + * (https://github.com/Mbed-TLS/mbedtls/issues/3541). */ #error "SECP224K1 is buggy via the PSA API in Mbed TLS." #define MBEDTLS_ECP_DP_SECP224K1_ENABLED @@ -751,11 +753,6 @@ extern "C" { #define PSA_WANT_ALG_OFB 1 #endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) -#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1 -#define PSA_WANT_ALG_XTS 1 -#endif - #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 @@ -776,7 +773,7 @@ extern "C" { #define PSA_WANT_ECC_MONTGOMERY_255 #endif -/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */ +/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */ #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 #define PSA_WANT_ECC_MONTGOMERY_448 @@ -812,7 +809,7 @@ extern "C" { #define PSA_WANT_ECC_SECP_K1_192 #endif -/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */ +/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */ #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 #define PSA_WANT_ECC_SECP_K1_224 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/constant_time.h b/vendor/mbedtls/include/mbedtls/constant_time.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/constant_time.h rename to vendor/mbedtls/include/mbedtls/constant_time.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ctr_drbg.h b/vendor/mbedtls/include/mbedtls/ctr_drbg.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ctr_drbg.h rename to vendor/mbedtls/include/mbedtls/ctr_drbg.h index dc4adc896d..e68237a439 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ctr_drbg.h +++ b/vendor/mbedtls/include/mbedtls/ctr_drbg.h @@ -138,7 +138,7 @@ /**< The maximum size of seed or reseed buffer in bytes. */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #define MBEDTLS_CTR_DRBG_PR_OFF 0 /**< Prediction resistance is disabled. */ diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/debug.h b/vendor/mbedtls/include/mbedtls/debug.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/debug.h rename to vendor/mbedtls/include/mbedtls/debug.h index 3c08244f3d..4fc4662d9a 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/debug.h +++ b/vendor/mbedtls/include/mbedtls/debug.h @@ -139,7 +139,7 @@ extern "C" { * discarded. * (Default value: 0 = No debug ) * - * \param threshold theshold level of messages to filter on. Messages at a + * \param threshold threshold level of messages to filter on. Messages at a * higher level will be discarded. * - Debug levels * - 0 No debug diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/des.h b/vendor/mbedtls/include/mbedtls/des.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/des.h rename to vendor/mbedtls/include/mbedtls/des.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/dhm.h b/vendor/mbedtls/include/mbedtls/dhm.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/dhm.h rename to vendor/mbedtls/include/mbedtls/dhm.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ecdh.h b/vendor/mbedtls/include/mbedtls/ecdh.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/ecdh.h rename to vendor/mbedtls/include/mbedtls/ecdh.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ecdsa.h b/vendor/mbedtls/include/mbedtls/ecdsa.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ecdsa.h rename to vendor/mbedtls/include/mbedtls/ecdsa.h index 264a638bb5..118f7cedb1 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ecdsa.h +++ b/vendor/mbedtls/include/mbedtls/ecdsa.h @@ -309,10 +309,8 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, * This must be initialized. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature - * is invalid. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX - * error code on failure for any other reason. + * error code on failure. */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, const unsigned char *buf, size_t blen, diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ecjpake.h b/vendor/mbedtls/include/mbedtls/ecjpake.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ecjpake.h rename to vendor/mbedtls/include/mbedtls/ecjpake.h index 891705d8c4..3564ff8dd3 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ecjpake.h +++ b/vendor/mbedtls/include/mbedtls/ecjpake.h @@ -68,7 +68,7 @@ typedef enum { * (KeyExchange) as defined by the Thread spec. * * In order to benefit from this symmetry, we choose a different naming - * convetion from the Thread v1.0 spec. Correspondance is indicated in the + * convention from the Thread v1.0 spec. Correspondence is indicated in the * description as a pair C: client name, S: server name */ typedef struct mbedtls_ecjpake_context 
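Review bot: With the `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` line removed, the contract of `mbedtls_ecdsa_verify()` no longer tells a caller how an invalid signature is reported, and the remaining text ("an MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code on failure") invites code that compares against one specific code and lets others fall through as success. The safe pattern, and the one worth stating here, is that any non-zero return is a failed verification: `\note Any non-zero return value means the signature was not verified. Callers must not accept the signature unless the function returns exactly 0.` If the implementation does return a dedicated code for a cryptographically invalid signature, naming it here would restore the information the old line carried; I cannot confirm which code that is from this diff.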
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ecp.h b/vendor/mbedtls/include/mbedtls/ecp.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ecp.h rename to vendor/mbedtls/include/mbedtls/ecp.h index 0924341e00..64a0bccda0 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ecp.h +++ b/vendor/mbedtls/include/mbedtls/ecp.h @@ -315,7 +315,7 @@ mbedtls_ecp_group; #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* * Maximum "window" size used for point multiplication. - * Default: a point where higher memory usage yields disminishing performance + * Default: a point where higher memory usage yields diminishing performance * returns. * Minimum value: 2. Maximum value: 7. * @@ -351,7 +351,7 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #else /* MBEDTLS_ECP_ALT */ #include "ecp_alt.h" diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ecp_internal.h b/vendor/mbedtls/include/mbedtls/ecp_internal.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/ecp_internal.h rename to vendor/mbedtls/include/mbedtls/ecp_internal.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/entropy.h b/vendor/mbedtls/include/mbedtls/entropy.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/entropy.h rename to vendor/mbedtls/include/mbedtls/entropy.h index deb3c50300..40259ebc8a 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/entropy.h +++ b/vendor/mbedtls/include/mbedtls/entropy.h @@ -75,7 +75,7 @@ #define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) #define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/entropy_poll.h b/vendor/mbedtls/include/mbedtls/entropy_poll.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/entropy_poll.h rename to vendor/mbedtls/include/mbedtls/entropy_poll.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/error.h b/vendor/mbedtls/include/mbedtls/error.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/error.h rename to vendor/mbedtls/include/mbedtls/error.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/gcm.h b/vendor/mbedtls/include/mbedtls/gcm.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/gcm.h rename to vendor/mbedtls/include/mbedtls/gcm.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/havege.h b/vendor/mbedtls/include/mbedtls/havege.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/havege.h rename to vendor/mbedtls/include/mbedtls/havege.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/hkdf.h b/vendor/mbedtls/include/mbedtls/hkdf.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/hkdf.h rename to vendor/mbedtls/include/mbedtls/hkdf.h index 223004b8ed..111d960e56 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/hkdf.h +++ b/vendor/mbedtls/include/mbedtls/hkdf.h @@ -39,7 +39,7 @@ */ /** Bad input parameters to function. */ #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 -/* \} name */ +/** \} name */ #ifdef __cplusplus extern "C" { diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/hmac_drbg.h b/vendor/mbedtls/include/mbedtls/hmac_drbg.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/hmac_drbg.h rename to vendor/mbedtls/include/mbedtls/hmac_drbg.h index 79132d4d91..6d372b9788 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/hmac_drbg.h +++ b/vendor/mbedtls/include/mbedtls/hmac_drbg.h 
@@ -74,7 +74,7 @@ #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */ #define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */ @@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, size_t len ); /** - * \brief Initilisation of simpified HMAC_DRBG (never reseeds). + * \brief Initialisation of simplified HMAC_DRBG (never reseeds). * * This function is meant for use in algorithms that need a pseudorandom * input such as deterministic ECDSA. diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/md.h b/vendor/mbedtls/include/mbedtls/md.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/md.h rename to vendor/mbedtls/include/mbedtls/md.h index 84fafd2ac7..9cea40a89c 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/md.h +++ b/vendor/mbedtls/include/mbedtls/md.h @@ -215,7 +215,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); /** - * \brief This function clones the state of an message-digest + * \brief This function clones the state of a message-digest * context. * * \note You must call mbedtls_md_setup() on \c dst before calling diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/md2.h b/vendor/mbedtls/include/mbedtls/md2.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/md2.h rename to vendor/mbedtls/include/mbedtls/md2.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/md4.h b/vendor/mbedtls/include/mbedtls/md4.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/md4.h rename to vendor/mbedtls/include/mbedtls/md4.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/md5.h b/vendor/mbedtls/include/mbedtls/md5.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/md5.h rename to vendor/mbedtls/include/mbedtls/md5.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/md_internal.h b/vendor/mbedtls/include/mbedtls/md_internal.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/md_internal.h rename to vendor/mbedtls/include/mbedtls/md_internal.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/memory_buffer_alloc.h b/vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/memory_buffer_alloc.h rename to vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h index 233977252a..3954b36ab5 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/memory_buffer_alloc.h +++ b/vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h @@ -42,7 +42,7 @@ #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #define MBEDTLS_MEMORY_VERIFY_NONE 0 #define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/net.h b/vendor/mbedtls/include/mbedtls/net.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/net.h rename to vendor/mbedtls/include/mbedtls/net.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/net_sockets.h b/vendor/mbedtls/include/mbedtls/net_sockets.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/net_sockets.h rename to vendor/mbedtls/include/mbedtls/net_sockets.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/nist_kw.h b/vendor/mbedtls/include/mbedtls/nist_kw.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/nist_kw.h rename to vendor/mbedtls/include/mbedtls/nist_kw.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/oid.h b/vendor/mbedtls/include/mbedtls/oid.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/oid.h rename to vendor/mbedtls/include/mbedtls/oid.h index 1c39186a49..0186217804 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/oid.h +++ b/vendor/mbedtls/include/mbedtls/oid.h @@ -143,7 +143,7 @@ #define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ #define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ #define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ -#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */ +#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */ #define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ #define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/padlock.h b/vendor/mbedtls/include/mbedtls/padlock.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/padlock.h rename to vendor/mbedtls/include/mbedtls/padlock.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pem.h b/vendor/mbedtls/include/mbedtls/pem.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/pem.h rename to vendor/mbedtls/include/mbedtls/pem.h index dfb4ff218e..daa71c886b 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/pem.h +++ b/vendor/mbedtls/include/mbedtls/pem.h @@ -54,7 +54,7 @@ #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /** Bad input parameters to function. */ #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 -/* \} name */ +/** \} name PEM Error codes */ #ifdef __cplusplus extern "C" { 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pk.h b/vendor/mbedtls/include/mbedtls/pk.h similarity index 96% rename from vendor/mbedtls/2.28.0/include/mbedtls/pk.h rename to vendor/mbedtls/include/mbedtls/pk.h index 8f2abf2a60..c9a13f484e 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/pk.h +++ b/vendor/mbedtls/include/mbedtls/pk.h @@ -217,32 +217,6 @@ typedef struct typedef void mbedtls_pk_restart_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ -#if defined(MBEDTLS_RSA_C) -/** - * Quick access to an RSA context inside a PK context. - * - * \warning You must make sure the PK context actually holds an RSA context - * before using this function! - */ -static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) -{ - return( (mbedtls_rsa_context *) (pk).pk_ctx ); -} -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_ECP_C) -/** - * Quick access to an EC context inside a PK context. - * - * \warning You must make sure the PK context actually holds an EC context - * before using this function! - */ -static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) -{ - return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); -} -#endif /* MBEDTLS_ECP_C */ - #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /** * \brief Types for RSA-alt abstraction 
@@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); */ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); +#if defined(MBEDTLS_RSA_C) +/** + * Quick access to an RSA context inside a PK context. + * + * \warning This function can only be used when the type of the context, as + * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA. + * Ensuring that is the caller's responsibility. + * Alternatively, you can check whether this function returns NULL. + * + * \return The internal RSA context held by the PK context, or NULL. + */ +static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) +{ + switch( mbedtls_pk_get_type( &pk ) ) + { + case MBEDTLS_PK_RSA: + return( (mbedtls_rsa_context *) (pk).pk_ctx ); + default: + return( NULL ); + } +} +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) +/** + * Quick access to an EC context inside a PK context. + * + * \warning This function can only be used when the type of the context, as + * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY, + * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA. + * Ensuring that is the caller's responsibility. + * Alternatively, you can check whether this function returns NULL. + * + * \return The internal EC context held by the PK context, or NULL. + */ +static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) +{ + switch( mbedtls_pk_get_type( &pk ) ) + { + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); + default: + return( NULL ); + } +} +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_PK_PARSE_C) /** \ingroup pk_module */ /** diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pk_internal.h b/vendor/mbedtls/include/mbedtls/pk_internal.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/pk_internal.h rename to vendor/mbedtls/include/mbedtls/pk_internal.h 
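Review bot: The rewritten `mbedtls_pk_rsa()` and `mbedtls_pk_ec()` turn a type confusion into a NULL return, which only helps callers that actually test the result; any call site that still follows the old contract and dereferences the accessor directly (`mbedtls_pk_rsa( pk )->len`, for example) now crashes on a NULL pointer instead of reading a mislabelled context. I cannot see the consumers of this vendored copy from the diff, so it is worth grepping them for unchecked uses and adding the guard the new comment asks for, e.g. `mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); if( rsa == NULL ) { /* not an RSA key: reject before use */ }`. Note also that the accessors were moved below the declaration of `mbedtls_pk_get_type()` because the inline bodies now call it; any out-of-tree code that includes this header expecting the old position still compiles, but the by-value `const mbedtls_pk_context pk` parameter is unchanged, so the switch operates on a copy of the caller's context.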
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pkcs11.h b/vendor/mbedtls/include/mbedtls/pkcs11.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/pkcs11.h rename to vendor/mbedtls/include/mbedtls/pkcs11.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pkcs12.h b/vendor/mbedtls/include/mbedtls/pkcs12.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/pkcs12.h rename to vendor/mbedtls/include/mbedtls/pkcs12.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/pkcs5.h b/vendor/mbedtls/include/mbedtls/pkcs5.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/pkcs5.h rename to vendor/mbedtls/include/mbedtls/pkcs5.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/platform.h b/vendor/mbedtls/include/mbedtls/platform.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/mbedtls/platform.h rename to vendor/mbedtls/include/mbedtls/platform.h index bdef07498d..eaf5122bec 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/platform.h +++ b/vendor/mbedtls/include/mbedtls/platform.h @@ -11,6 +11,13 @@ * implementations of these functions, or implementations specific to * their platform, which can be statically linked to the library or * dynamically configured at runtime. + * + * When all compilation options related to platform abstraction are + * disabled, this header just defines `mbedtls_xxx` function names + * as aliases to the standard `xxx` function. + * + * Most modules in the library and example programs are expected to + * include this header. */ /* * Copyright The Mbed TLS Contributors @@ -70,7 +77,9 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include #include +#if defined(MBEDTLS_HAVE_TIME) #include +#endif #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) #define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */ 
@@ -127,7 +136,7 @@ extern "C" { #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ /* * The function pointers for calloc and free. diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/platform_time.h b/vendor/mbedtls/include/mbedtls/platform_time.h similarity index 89% rename from vendor/mbedtls/2.28.0/include/mbedtls/platform_time.h rename to vendor/mbedtls/include/mbedtls/platform_time.h index 7e7daab692..94055711b2 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/platform_time.h +++ b/vendor/mbedtls/include/mbedtls/platform_time.h @@ -32,14 +32,6 @@ extern "C" { #endif -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in config.h or define them on the compiler command line. - * \{ - */ - /* * The time_t datatype */ diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/platform_util.h b/vendor/mbedtls/include/mbedtls/platform_util.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/platform_util.h rename to vendor/mbedtls/include/mbedtls/platform_util.h index f982db8c01..cd112ab58e 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/platform_util.h +++ b/vendor/mbedtls/include/mbedtls/platform_util.h @@ -67,7 +67,7 @@ extern "C" { * \brief User supplied callback function for parameter validation failure. * See #MBEDTLS_CHECK_PARAMS for context. * - * This function will be called unless an alternative treatement + * This function will be called unless an alternative treatment * is defined through the #MBEDTLS_PARAM_FAILED macro. * * This function can return, and the operation will be aborted, or 
@@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * * This macro has an empty expansion. It exists for documentation purposes: * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function - * has been analyzed for return-check usefuless, whereas the lack of + * has been analyzed for return-check usefulness, whereas the lack of * an annotation indicates that the function has not been analyzed and its * return-check usefulness is unknown. */ diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/poly1305.h b/vendor/mbedtls/include/mbedtls/poly1305.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/poly1305.h rename to vendor/mbedtls/include/mbedtls/poly1305.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/psa_util.h b/vendor/mbedtls/include/mbedtls/psa_util.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/psa_util.h rename to vendor/mbedtls/include/mbedtls/psa_util.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ripemd160.h b/vendor/mbedtls/include/mbedtls/ripemd160.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ripemd160.h rename to vendor/mbedtls/include/mbedtls/ripemd160.h index 63270d1239..f890aefaee 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ripemd160.h +++ b/vendor/mbedtls/include/mbedtls/ripemd160.h @@ -74,7 +74,7 @@ void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ); void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); /** - * \brief Clone (the state of) an RIPEMD-160 context + * \brief Clone (the state of) a RIPEMD-160 context * * \param dst The destination context * \param src The context to be cloned diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/rsa.h b/vendor/mbedtls/include/mbedtls/rsa.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/rsa.h rename to vendor/mbedtls/include/mbedtls/rsa.h index 3c481e12a1..8559f67bb9 100644 
--- a/vendor/mbedtls/2.28.0/include/mbedtls/rsa.h +++ b/vendor/mbedtls/include/mbedtls/rsa.h @@ -88,7 +88,7 @@ /* * The above constants may be used even if the RSA module is compile out, - * eg for alternative (PKCS#11) RSA implemenations in the PK layers. + * eg for alternative (PKCS#11) RSA implementations in the PK layers. */ #ifdef __cplusplus @@ -491,7 +491,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * the current function does not have access to them, * and therefore cannot check them. See mbedtls_rsa_complete(). * If you want to check the consistency of the entire - * content of an PKCS1-encoded RSA private key, for example, you + * content of a PKCS1-encoded RSA private key, for example, you * should use mbedtls_rsa_validate_params() before setting * up the RSA context. * Additionally, if the implementation performs empirical checks, @@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * * \note Blinding is used if and only if a PRNG is provided. * - * \note If blinding is used, both the base of exponentation + * \note If blinding is used, both the base of exponentiation * and the exponent are blinded, providing protection * against some side-channel attacks. * @@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The initnialized RSA context to use. + * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding * generation and must be provided. * \param p_rng The RNG context to be passed to \p f_rng. This may diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/rsa_internal.h b/vendor/mbedtls/include/mbedtls/rsa_internal.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/rsa_internal.h rename to vendor/mbedtls/include/mbedtls/rsa_internal.h 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/sha1.h b/vendor/mbedtls/include/mbedtls/sha1.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/sha1.h rename to vendor/mbedtls/include/mbedtls/sha1.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/sha256.h b/vendor/mbedtls/include/mbedtls/sha256.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/sha256.h rename to vendor/mbedtls/include/mbedtls/sha256.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/sha512.h b/vendor/mbedtls/include/mbedtls/sha512.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/sha512.h rename to vendor/mbedtls/include/mbedtls/sha512.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl.h b/vendor/mbedtls/include/mbedtls/ssl.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl.h rename to vendor/mbedtls/include/mbedtls/ssl.h index 209dbf6053..aecac93f33 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ssl.h +++ b/vendor/mbedtls/include/mbedtls/ssl.h @@ -349,7 +349,7 @@ #define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ /* * Length of the verify data for secure renegotiation @@ -624,7 +624,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data + * \param timeout Maximum number of milliseconds to wait for data * 0 means no timeout (potentially waiting forever) * * \return The callback must return the number of bytes received, 
@@ -652,7 +652,7 @@ typedef int mbedtls_ssl_recv_timeout_t( void *ctx, * for the associated \c mbedtls_ssl_get_timer_t callback to * return correct information. * - * \note If using a event-driven style of programming, an event must + * \note If using an event-driven style of programming, an event must * be generated when the final delay is passed. The event must * cause a call to \c mbedtls_ssl_handshake() with the proper * SSL context to be scheduled. Care must be taken to ensure @@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a cookie for ClientHello veirifcation */ + /** Callback to create & write a cookie for ClientHello verification */ int (*f_cookie_write)( void *, unsigned char **, unsigned char *, const unsigned char *, size_t ); /** Callback to verify validity of a ClientHello cookie */ @@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context unsigned char *compress_buf; /*!< zlib data buffer */ #endif /* MBEDTLS_ZLIB_SUPPORT */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - signed char split_done; /*!< current record already splitted? */ + signed char split_done; /*!< current record already split? */ #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* @@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * * \note The two most common use cases are: * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL - * - blocking I/O, f_recv == NULL, f_recv_timout != NULL + * - blocking I/O, f_recv == NULL, f_recv_timeout != NULL * * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. 
@@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** - * \brief Set the Maximum Tranport Unit (MTU). + * \brief Set the Maximum Transport Unit (MTU). * Special value: 0 means unset (no limit). * This represents the maximum size of a datagram payload * handled by the transport layer (usually UDP) as determined @@ -2000,7 +2000,7 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, * here, except if using an event-driven style. * * \note See also the "DTLS tutorial" article in our knowledge base. - * https://tls.mbed.org/kb/how-to/dtls-tutorial + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, @@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); * ones going through the authentication-decryption phase. * * \note This is a security trade-off related to the fact that it's - * often relatively easy for an active attacker ot inject UDP + * often relatively easy for an active attacker to inject UDP * datagrams. On one hand, setting a low limit here makes it * easier for such an attacker to forcibly terminated a * connection. On the other hand, a high limit or no limit @@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, * successfully cached, return 1 otherwise. * * \param conf SSL configuration - * \param p_cache parmater (context) for both callbacks + * \param p_cache parameter (context) for both callbacks * \param f_get_cache session get callback * \param f_set_cache session set callback */ 
@@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session /** * \brief Load serialized session data into a session structure. * On client, this can be used for loading saved sessions - * before resuming them with mbedstls_ssl_set_session(). + * before resuming them with mbedtls_ssl_set_session(). * On server, this can be used for alternative implementations * of session cache or session tickets. * @@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, * * \note On client, only the first call has any effect. That is, * only one client certificate can be provisioned. The - * server's preferences in its CertficateRequest message will + * server's preferences in its CertificateRequest message will * be ignored and our only cert will be sent regardless of * whether it matches those preferences - the server can then * decide what it wants to do with it. @@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \param protos Pointer to a NULL-terminated list of supported protocols, * in decreasing preference order. The pointer to the list is * recorded by the library for later reference as required, so - * the lifetime of the table must be atleast as long as the + * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. @@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * * \param ssl SSL context * - * \return Protcol name, or NULL if no protocol was negotiated. + * \return Protocol name, or NULL if no protocol was negotiated. */ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ALPN */ 
@@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, uint16_t mki_len ); /** - * \brief Get the negotiated DTLS-SRTP informations: + * \brief Get the negotiated DTLS-SRTP information: * Protection profile and MKI value. * * \warning This function must be called after the handshake is @@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * not be trusted or acted upon before the handshake completes. * * \param ssl The SSL context to query. - * \param dtls_srtp_info The negotiated DTLS-SRTP informations: + * \param dtls_srtp_info The negotiated DTLS-SRTP information: * - Protection profile in use. * A direct mapping of the iana defined value for protection * profile on an uint16_t. @@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, * \c mbedtls_ssl_get_record_expansion(). * * \note For DTLS, it is also possible to set a limit for the total - * size of daragrams passed to the transport layer, including + * size of datagrams passed to the transport layer, including * record overhead, see \c mbedtls_ssl_set_mtu(). * * \param conf SSL configuration @@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets * initiated by peer * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) * - * \warning It is recommended to always disable renegotation unless you + * \warning It is recommended to always disable renegotiation unless you * know you need it and you know what you're doing. In the * past, there have been several issues associated with * renegotiation or a poor understanding of its properties. 
@@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_ * scenario. * * \note With DTLS and server-initiated renegotiation, the - * HelloRequest is retransmited every time mbedtls_ssl_read() times + * HelloRequest is retransmitted every time mbedtls_ssl_read() times * out or receives Application Data, until: * - max_records records have beens seen, if it is >= 0, or * - the number of retransmits that would happen during an @@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed - * while reseting the context. + * while resetting the context. * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD @@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl, void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); /** - * \brief Load reasonnable default SSL configuration values. + * \brief Load reasonable default SSL configuration values. * (You need to call mbedtls_ssl_config_init() first.) * * \param conf SSL configuration context diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_cache.h b/vendor/mbedtls/include/mbedtls/ssl_cache.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl_cache.h rename to vendor/mbedtls/include/mbedtls/ssl_cache.h index c6ef2960f4..02eab96d45 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_cache.h +++ b/vendor/mbedtls/include/mbedtls/ssl_cache.h @@ -50,7 +50,7 @@ #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #ifdef __cplusplus extern "C" { 
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_ciphersuites.h b/vendor/mbedtls/include/mbedtls/ssl_ciphersuites.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl_ciphersuites.h rename to vendor/mbedtls/include/mbedtls/ssl_ciphersuites.h diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_cookie.h b/vendor/mbedtls/include/mbedtls/ssl_cookie.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl_cookie.h rename to vendor/mbedtls/include/mbedtls/ssl_cookie.h index 0a238708e5..2aa373177b 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_cookie.h +++ b/vendor/mbedtls/include/mbedtls/ssl_cookie.h @@ -45,7 +45,7 @@ #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ #endif -/* \} name SECTION: Module settings */ +/** \} name SECTION: Module settings */ #ifdef __cplusplus extern "C" { @@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, * \brief Set expiration delay for cookies * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) * - * \param ctx Cookie contex + * \param ctx Cookie context * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies * issued in the meantime. * 0 to disable expiration (NOT recommended) diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_internal.h b/vendor/mbedtls/include/mbedtls/ssl_internal.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl_internal.h rename to vendor/mbedtls/include/mbedtls/ssl_internal.h index 6913dc0f66..77ad755477 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_internal.h +++ b/vendor/mbedtls/include/mbedtls/ssl_internal.h 
@@ -782,7 +782,7 @@ struct mbedtls_ssl_transform
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 uint8_t in_cid_len;
 uint8_t out_cid_len;
- unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
 unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
 */
 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
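Review bot: The `in_cid` array is now sized by `MBEDTLS_SSL_CID_IN_LEN_MAX` while `out_cid` keeps `MBEDTLS_SSL_CID_OUT_LEN_MAX`, so the layout of `struct mbedtls_ssl_transform` changes whenever those two maxima differ; every object that includes `ssl_internal.h` must be rebuilt against the renamed include directory, and nothing should still be linked from a build made with the old `2.28.0` path. The corrected line carries no comment, so the next reader may "fix" it back to match its neighbour; I would add `/* sized for the CID on incoming records; the IN and OUT maxima need not match */`. The struct definition begins outside the hunk.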
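Review bot: `MBEDTLS_CHECK_RETURN_CRITICAL` only buys something if the macro expands to a warn-unused-result attribute for the compiler in use and the vendored library is not built with warnings suppressed; otherwise a dropped result from `mbedtls_ssl_derive_keys` or `mbedtls_ssl_handle_message_type` stays silent, which is exactly the class of handshake/record-layer bug the annotation exists to catch. I would confirm how the macro is defined in this configuration and consider enabling at least `-Werror=unused-result` (GCC/Clang) for the mbedtls target so the annotation is enforced rather than advisory. The same annotation is added in the `@@ -1023`, `@@ -1108`, `@@ -1218`, `@@ -1254`, `@@ -1276`, `@@ -1287` and `@@ -1296` hunks that follow; this note covers all of them.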
@@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
 * following the above definition.
 *
 */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
 /**
@@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 #if defined(MBEDTLS_ECP_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md );
 #endif
@@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
 *
 * Return 0 if everything is OK, -1 if not.
 */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint,
@@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
 #endif
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src );
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
 defined(MBEDTLS_SSL_PROTO_TLS1_1)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len );
@@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
 defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len,
@@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec );
@@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
 }
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform );
 void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
+MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_TEST_HOOKS)
+int mbedtls_ssl_check_dtls_clihlo_cookie(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cli_id, size_t cli_id_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_internal.h */
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_ticket.h b/vendor/mbedtls/include/mbedtls/ssl_ticket.h
similarity index 98%
rename from vendor/mbedtls/2.28.0/include/mbedtls/ssl_ticket.h
rename to vendor/mbedtls/include/mbedtls/ssl_ticket.h
index a882eed23b..8221051b24 100644
--- a/vendor/mbedtls/2.28.0/include/mbedtls/ssl_ticket.h
+++ b/vendor/mbedtls/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
 * supported. Usually that means a 256-bit key.
 *
 * \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonnable lifetime so as not
+ * It is recommended to pick a reasonable lifetime so as not
 * to negate the benefits of forward secrecy.
 *
 * \return 0 if successful,
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/threading.h b/vendor/mbedtls/include/mbedtls/threading.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/include/mbedtls/threading.h
rename to vendor/mbedtls/include/mbedtls/threading.h
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/timing.h b/vendor/mbedtls/include/mbedtls/timing.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/include/mbedtls/timing.h
rename to vendor/mbedtls/include/mbedtls/timing.h
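Review bot: `mbedtls_ssl_check_dtls_clihlo_cookie` is the one int-returning declaration visible in this diff that is added without `MBEDTLS_CHECK_RETURN_CRITICAL`, and it has no doc comment, so a caller cannot tell what the return value means, whether `obuf` may be written when the cookie does not verify, or how `*olen` relates to `buf_len`. I would add the annotation for consistency with the rest of the header and a short Doxygen block on the declaration giving its purpose, each parameter's direction and bound, and the return convention, hedged where the contract is not certain. The declaration is guarded by `MBEDTLS_TEST_HOOKS`, so it only matters for production if that macro is defined for the vendored build; worth confirming it is not.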
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/version.h b/vendor/mbedtls/include/mbedtls/version.h
similarity index 94%
rename from vendor/mbedtls/2.28.0/include/mbedtls/version.h
rename to vendor/mbedtls/include/mbedtls/version.h
index b1a92b2bcf..b3b441d46b 100644
--- a/vendor/mbedtls/2.28.0/include/mbedtls/version.h
+++ b/vendor/mbedtls/include/mbedtls/version.h
@@ -38,16 +38,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR 2
 #define MBEDTLS_VERSION_MINOR 28
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 2
 /**
 * The single version number has the following structure:
 * MMNNPP00
 * Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER 0x021C0000
-#define MBEDTLS_VERSION_STRING "2.28.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.0"
+#define MBEDTLS_VERSION_NUMBER 0x021C0200
+#define MBEDTLS_VERSION_STRING "2.28.2"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.2"
 #if defined(MBEDTLS_VERSION_C)
diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/x509.h b/vendor/mbedtls/include/mbedtls/x509.h
similarity index 99%
rename from vendor/mbedtls/2.28.0/include/mbedtls/x509.h
rename to vendor/mbedtls/include/mbedtls/x509.h
index c177501430..31b78df32f 100644
--- a/vendor/mbedtls/2.28.0/include/mbedtls/x509.h
+++ b/vendor/mbedtls/include/mbedtls/x509.h
@@ -96,7 +96,7 @@
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
-/* \} name */
+/** \} name X509 Error codes */
 /**
 * \name X509 Verify codes
@@ -124,8 +124,8 @@ #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */ -/* \} name */ -/* \} addtogroup x509_module */ +/** \} name X509 Verify codes */ +/** \} addtogroup x509_module */ /* * X.509 v3 Subject Alternative Name types. @@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time mbedtls_x509_time; /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ -/** \} addtogroup x509_module */ /** * \brief Store the certificate DN in printable form into buf; @@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); */ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); +/** \} addtogroup x509_module */ + #if defined(MBEDTLS_SELF_TEST) /** diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/x509_crl.h b/vendor/mbedtls/include/mbedtls/x509_crl.h similarity index 98% rename from vendor/mbedtls/2.28.0/include/mbedtls/x509_crl.h rename to vendor/mbedtls/include/mbedtls/x509_crl.h index 7e9e8885f4..9222009019 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/x509_crl.h +++ b/vendor/mbedtls/include/mbedtls/x509_crl.h @@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); */ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); -/* \} name */ -/* \} addtogroup x509_module */ +/** \} name Structures and functions for parsing CRLs */ +/** \} addtogroup x509_module */ #ifdef __cplusplus } diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/x509_crt.h b/vendor/mbedtls/include/mbedtls/x509_crt.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/mbedtls/x509_crt.h rename to vendor/mbedtls/include/mbedtls/x509_crt.h index 64ccb433ba..0f2885a7ee 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/x509_crt.h +++ b/vendor/mbedtls/include/mbedtls/x509_crt.h 
@@ -107,7 +107,7 @@ mbedtls_x509_crt; typedef struct mbedtls_x509_san_other_name { /** - * The type_id is an OID as deifned in RFC 5280. + * The type_id is an OID as defined in RFC 5280. * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ @@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name; typedef struct mbedtls_x509_crt_profile { uint32_t allowed_mds; /**< MDs for signatures */ - uint32_t allowed_pks; /**< PK algs for signatures */ + uint32_t allowed_pks; /**< PK algs for public keys; + * this applies to all certificates + * in the provided chain. */ uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ } @@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -/* \} name */ -/* \} addtogroup x509_module */ +/** \} name Structures and functions for parsing and writing X.509 certificates */ #if defined(MBEDTLS_X509_CRT_WRITE_C) /** @@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); /** - * \brief Set the verion for a Certificate + * \brief Set the version for a Certificate * Default: MBEDTLS_X509_CRT_VERSION_3 * * \param ctx CRT context to use @@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, * \param is_ca is this a CA certificate * \param max_pathlen maximum length of certificate chains below this * certificate (only for CA certificates, -1 is - * inlimited) + * unlimited) * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ 
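Review bot: In the `@@ -159` hunk the `allowed_pks` comment goes from "PK algs for signatures" to "PK algs for public keys; this applies to all certificates in the provided chain", which reads as a change in what a custom `mbedtls_x509_crt_profile` restricts rather than a typo fix: a profile whose `allowed_pks` was written with only signature algorithms in mind may now reject a chain whose leaf or intermediate carries a key type that was never checked against that mask before. Any code in this tree that builds its own profile instead of using the library defaults should re-check the mask against the key types of the certificates it must accept, and that expectation deserves a sentence in the commit description since this comment is the only place the change surfaces here. The behaviour itself lives in the library sources outside this page, so this reading is inferred from the comment; the `typedef struct mbedtls_x509_crt_profile` is fully inside the hunk.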
@@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ +/** \} addtogroup x509_module */ + #ifdef __cplusplus } #endif diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/x509_csr.h b/vendor/mbedtls/include/mbedtls/x509_csr.h similarity index 98% rename from vendor/mbedtls/2.28.0/include/mbedtls/x509_csr.h rename to vendor/mbedtls/include/mbedtls/x509_csr.h index b1dfc21f1f..2a1c046131 100644 --- a/vendor/mbedtls/2.28.0/include/mbedtls/x509_csr.h +++ b/vendor/mbedtls/include/mbedtls/x509_csr.h @@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ); void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); #endif /* MBEDTLS_X509_CSR_PARSE_C */ -/* \} name */ -/* \} addtogroup x509_module */ +/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */ #if defined(MBEDTLS_X509_CSR_WRITE_C) /** @@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, * private key used to sign the CSR when writing it) * * \param ctx CSR context to use - * \param key Asymetric key to include + * \param key Asymmetric key to include */ void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ); @@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ +/** \} addtogroup x509_module */ + #ifdef __cplusplus } #endif diff --git a/vendor/mbedtls/2.28.0/include/mbedtls/xtea.h b/vendor/mbedtls/include/mbedtls/xtea.h similarity index 100% rename from vendor/mbedtls/2.28.0/include/mbedtls/xtea.h rename to vendor/mbedtls/include/mbedtls/xtea.h 
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto.h b/vendor/mbedtls/include/psa/crypto.h similarity index 96% rename from vendor/mbedtls/2.28.0/include/psa/crypto.h rename to vendor/mbedtls/include/psa/crypto.h index b0b57c3a6b..faa3b9e3fb 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto.h +++ b/vendor/mbedtls/include/psa/crypto.h @@ -499,17 +499,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); * This is an attempt to create a persistent key, and there is * already a persistent key with the given identifier. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The lifetime or identifier in \p attributes are invalid. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The policy constraints on the source and specified in - * \p attributes are incompatible. - * \retval #PSA_ERROR_INVALID_ARGUMENT + * The lifetime or identifier in \p attributes are invalid, or + * the policy constraints on the source and specified in + * \p attributes are incompatible, or * \p attributes specifies a key type or key size * which does not match the attributes of the source key. * \retval #PSA_ERROR_NOT_PERMITTED - * The source key does not have the #PSA_KEY_USAGE_COPY usage flag. - * \retval #PSA_ERROR_NOT_PERMITTED - * The source key is not exportable and its lifetime does not + * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or + * the source key is not exportable and its lifetime does not * allow copying it to the target's lifetime. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE 
@@ -554,7 +551,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * \retval #PSA_ERROR_INVALID_HANDLE * \p key is not a valid identifier nor \c 0. * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * There was an failure in communication with the cryptoprocessor. + * There was a failure in communication with the cryptoprocessor. * The key material may still be present in the cryptoprocessor. * \retval #PSA_ERROR_DATA_INVALID * This error is typically a result of either storage corruption on a @@ -636,11 +633,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); * The key type or key size is not supported, either by the * implementation in general or in this particular persistent location. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key attributes, as a whole, are invalid. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key data is not correctly formatted. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The size in \p attributes is nonzero and does not match the size + * The key attributes, as a whole, are invalid, or + * the key data is not correctly formatted, or + * the size in \p attributes is nonzero and does not match the size * of the key data. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE @@ -864,7 +859,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -900,7 +894,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -996,14 +989,13 @@ static psa_hash_operation_t psa_hash_operation_init(void); * \p alg is not a supported hash algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \p alg is not a hash algorithm. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1023,14 +1015,13 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it muct be active). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ 
@@ -1044,7 +1035,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, * This function calculates the hash of the message formed by concatenating * the inputs passed to preceding calls to psa_hash_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_hash_abort(). * @@ -1066,8 +1057,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p hash buffer is too small. You can determine a * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg) @@ -1077,7 +1066,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1095,7 +1085,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, * compares the calculated hash with the expected hash passed as a * parameter to this function. * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_hash_abort(). * 
@@ -1112,14 +1102,13 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The hash of the message was calculated successfully, but it
 * differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1170,16 +1159,14 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
 * It must be initialized but not active.
 *
 * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- * The \p target_operation state is not valid (it must be inactive).
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The \p source_operation state is not valid (it must be active), or
+ * the \p target_operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1381,9 +1368,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1442,11 +1428,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
+ * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1469,15 +1454,14 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1491,7 +1475,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 * This function calculates the MAC of the message formed by concatenating
 * the inputs passed to preceding calls to psa_mac_update().
 *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_mac_abort().
 *
@@ -1515,9 +1499,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac sign
- * operation).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p mac buffer is too small. You can determine a
 * sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1527,7 +1508,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac sign
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1545,7 +1528,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
 * compares the calculated MAC with the expected MAC passed as a
 * parameter to this function.
 *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_mac_abort().
 *
@@ -1562,16 +1545,15 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The MAC of the message was calculated successfully, but it
 * differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac verify
- * operation).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac verify
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1806,9 +1788,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1870,9 +1851,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1900,8 +1880,6 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no IV set).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p iv buffer is too small.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1910,7 +1888,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no IV set),
+ * or the library has not been previously initialized
+ * by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1940,9 +1920,6 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active cipher
- * encrypt operation, with no IV set).
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The size of \p iv is not acceptable for the chosen algorithm,
 * or the chosen algorithm does not use an IV.
@@ -1952,7 +1929,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set), or the library has not been
+ * previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -1983,9 +1962,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1994,7 +1970,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2016,7 +1994,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 * formed by concatenating the inputs passed to preceding calls to
 * psa_cipher_update().
 *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_cipher_abort().
 *
@@ -2036,9 +2014,6 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_PADDING
 * This is a decryption operation for an algorithm that includes
 * padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2047,7 +2022,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2330,7 +2307,8 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2342,7 +2320,6 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
@@ -2396,8 +2373,6 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
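Review bot: In the `@@ -2342,7 +2320,6 @@` hunk the `\retval #PSA_ERROR_BAD_STATE` line is removed but its three description lines stay, so in the new header "The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code." is now attached to `\retval #PSA_ERROR_STORAGE_FAILURE`, which misdocuments that status for this AEAD setup function (the enclosing comment block starts and ends outside both hunks). The companion `@@ -2330,7 +2307,8 @@` hunk already folded the initialisation text into the first BAD_STATE entry, so the orphaned lines should be deleted, and the "It is implementation-dependent whether a failure to initialize results in this error code." sentence that every other consolidated entry in this diff keeps should follow the merged text there. Every other hunk in this file moves both the `\retval` line and its description together; only this pair diverges.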
@@ -2410,7 +2385,8 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or the
+ * library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2439,9 +2415,6 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active aead encrypt
- * operation, with no nonce set).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p nonce buffer is too small.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2450,7 +2423,9 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active aead encrypt
+ * operation, with no nonce set), or the library has not been
+ * previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2480,9 +2455,6 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no nonce
- * set).
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The size of \p nonce is not acceptable for the chosen algorithm.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2491,7 +2463,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no nonce
+ * set), or the library has not been previously initialized
+ * by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2525,10 +2499,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, and
- * psa_aead_update_ad() and psa_aead_update() must not have been
- * called yet).
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * At least one of the lengths is not acceptable for the chosen
 * algorithm.
@@ -2537,7 +2507,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, and
+ * psa_aead_update_ad() and psa_aead_update() must not have been
+ * called yet), or the library has not been previously initialized
+ * by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2573,10 +2546,6 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, have lengths set if required by the algorithm, and
- * psa_aead_update() must not have been called yet).
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The total input length overflows the additional data length that
 * was previously specified with psa_aead_set_lengths().
@@ -2586,7 +2555,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * psa_aead_update() must not have been called yet), or the library
+ * has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2651,9 +2623,6 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, and have lengths set if required by the algorithm).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
 * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2662,9 +2631,8 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The total length of input to psa_aead_update_ad() so far is
 * less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input length overflows the plaintext length that
+ * specified with psa_aead_set_lengths(), or
+ * the total input length overflows the plaintext length that
 * was previously specified with psa_aead_set_lengths().
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2672,7 +2640,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm), or the
+ * library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2697,7 +2667,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 * preceding calls to psa_aead_update().
 * - \p tag contains the authentication tag.
 *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_aead_abort().
 *
@@ -2736,9 +2706,6 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active encryption
- * operation with a nonce set).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p ciphertext or \p tag buffer is too small.
 * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2749,9 +2716,8 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The total length of input to psa_aead_update_ad() so far is
 * less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
 * less than the plaintext length that was previously
 * specified with psa_aead_set_lengths().
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2760,7 +2726,9 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -2789,7 +2757,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * plaintext and reports success. If the authentication tag is not correct,
 * this function returns #PSA_ERROR_INVALID_SIGNATURE.
 *
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_aead_abort().
 *
@@ -2823,9 +2791,6 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculations were successful, but the authentication tag is
 * not correct.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active decryption
- * operation with a nonce set).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p plaintext buffer is too small.
 * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2834,9 +2799,8 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The total length of input to psa_aead_update_ad() so far is
 * less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
 * less than the plaintext length that was previously
 * specified with psa_aead_set_lengths().
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2845,7 +2809,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3089,7 +3055,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was perfomed successfully, but the passed
+ * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3113,7 +3079,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
 /**
 * \brief Encrypt a short message with a public key.
 *
- * \param key Identifer of the key to use for the operation.
+ * \param key Identifier of the key to use for the operation.
 * It must be a public key or an asymmetric key
 * pair. It must allow the usage
 * #PSA_KEY_USAGE_ENCRYPT.
@@ -3338,9 +3304,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3359,12 +3324,11 @@ psa_status_t psa_key_derivation_setup(
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3387,13 +3351,12 @@ psa_status_t psa_key_derivation_get_capacity(
 * \p capacity is larger than the operation's current capacity.
 * In this case, the operation object remains valid and its capacity
 * remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or the
+ * library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3437,8 +3400,7 @@ psa_status_t psa_key_derivation_set_capacity(
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
 * \c step does not allow direct inputs.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3446,9 +3408,8 @@ psa_status_t psa_key_derivation_set_capacity(
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3489,8 +3450,7 @@ psa_status_t psa_key_derivation_input_bytes(
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
 * \c step does not allow key inputs of the given type
 * or does not allow key inputs at all.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3499,9 +3459,8 @@ psa_status_t psa_key_derivation_input_bytes(
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3553,25 +3512,23 @@ psa_status_t psa_key_derivation_input_key(
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this key agreement \p step.
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \c private_key is not compatible with \c alg,
 * or \p peer_key is not valid for \c alg or not compatible with
- * \c private_key.
+ * \c private_key, or \c step does not allow an input resulting
+ * from a key agreement.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow an input resulting from a key agreement.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this key agreement \p step,
+ * or the library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3607,16 +3564,15 @@ psa_status_t psa_key_derivation_key_agreement(
 * The operation's capacity is set to 0, thus
 * subsequent calls to this function will not
 * succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3749,9 +3705,6 @@ psa_status_t psa_key_derivation_output_bytes(
 * \retval #PSA_ERROR_NOT_PERMITTED
 * The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
 * a key.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3761,7 +3714,9 @@ psa_status_t psa_key_derivation_output_bytes(
 * \retval #PSA_ERROR_DATA_CORRUPT
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
 */
@@ -3828,8 +3783,7 @@ psa_status_t psa_key_derivation_abort( * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p alg is not a key agreement algorithm - * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a key agreement algorithm, or * \p private_key is not compatible with \p alg, * or \p peer_key is not valid for \p alg or not compatible with * \p private_key. diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_builtin_composites.h b/vendor/mbedtls/include/psa/crypto_builtin_composites.h similarity index 93% rename from vendor/mbedtls/2.28.0/include/psa/crypto_builtin_composites.h rename to vendor/mbedtls/include/psa/crypto_builtin_composites.h index a875b23704..711c43df78 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_builtin_composites.h +++ b/vendor/mbedtls/include/psa/crypto_builtin_composites.h @@ -43,6 +43,12 @@ #define MBEDTLS_PSA_BUILTIN_MAC #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) typedef struct { diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_builtin_primitives.h b/vendor/mbedtls/include/psa/crypto_builtin_primitives.h similarity index 98% rename from vendor/mbedtls/2.28.0/include/psa/crypto_builtin_primitives.h rename to vendor/mbedtls/include/psa/crypto_builtin_primitives.h index 62a0e6f370..96c45290bd 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_builtin_primitives.h +++ b/vendor/mbedtls/include/psa/crypto_builtin_primitives.h 
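Review bot: In the crypto_builtin_composites.h hunk the new `#define MBEDTLS_PSA_BUILTIN_AEAD 1` carries an explicit value while the sibling `#define MBEDTLS_PSA_BUILTIN_MAC` in the context lines just above it is defined without one; both are presumably only ever tested with `defined()`, so this is a style point, but the two selector macros in the same file should use one form. Either drop the `1` to match the MAC macro or, if the value is meaningful to some `#if MBEDTLS_PSA_BUILTIN_AEAD` test elsewhere, say so in a short comment on the new block such as `/* Set when at least one builtin AEAD algorithm is enabled. */`.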
@@ -103,7 +103,6 @@ typedef struct defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_compat.h b/vendor/mbedtls/include/psa/crypto_compat.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/psa/crypto_compat.h rename to vendor/mbedtls/include/psa/crypto_compat.h index 09ac488398..0d184042e3 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_compat.h +++ b/vendor/mbedtls/include/psa/crypto_compat.h @@ -44,7 +44,7 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT -/** Check whether an handle is null. +/** Check whether a handle is null. * * \param handle Handle * diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_config.h b/vendor/mbedtls/include/psa/crypto_config.h similarity index 93% rename from vendor/mbedtls/2.28.0/include/psa/crypto_config.h rename to vendor/mbedtls/include/psa/crypto_config.h index e2446cb26c..f261e013e0 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_config.h +++ b/vendor/mbedtls/include/psa/crypto_config.h @@ -60,7 +60,6 @@ #define PSA_WANT_ALG_CMAC 1 #define PSA_WANT_ALG_CFB 1 #define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define PSA_WANT_ALG_CMAC 1 #define PSA_WANT_ALG_CTR 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 
@@ -86,7 +85,9 @@
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_XTS 1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
@@ -94,14 +95,14 @@
#define PSA_WANT_ECC_MONTGOMERY_255 1
/* * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
* default. */
//#define PSA_WANT_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_SECP_K1_192 1
/* * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
* default. */
//#define PSA_WANT_ECC_SECP_K1_224 1
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_driver_common.h b/vendor/mbedtls/include/psa/crypto_driver_common.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/include/psa/crypto_driver_common.h
rename to vendor/mbedtls/include/psa/crypto_driver_common.h
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_driver_contexts_composites.h b/vendor/mbedtls/include/psa/crypto_driver_contexts_composites.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/include/psa/crypto_driver_contexts_composites.h
rename to vendor/mbedtls/include/psa/crypto_driver_contexts_composites.h
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_driver_contexts_primitives.h b/vendor/mbedtls/include/psa/crypto_driver_contexts_primitives.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/include/psa/crypto_driver_contexts_primitives.h
rename to vendor/mbedtls/include/psa/crypto_driver_contexts_primitives.h
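Review bot: The comment added in front of the disabled `PSA_WANT_ALG_XTS` line talks about PBKDF2-HMAC, but the macro it annotates is XTS, so the comment misstates why the option is commented out; replace its first line with `/* XTS is not yet supported via the PSA API in Mbed TLS.` and keep the note about include/mbedtls/config_psa.h. Taken together with the removal of the `MBEDTLS_PSA_BUILTIN_ALG_XTS` branch in crypto_builtin_primitives.h on the previous line, this appears to turn XTS off by default for PSA users of the vendored tree, which is a change in the default algorithm set rather than just a path move and is worth stating in the commit description.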
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_extra.h b/vendor/mbedtls/include/psa/crypto_extra.h similarity index 98% rename from vendor/mbedtls/2.28.0/include/psa/crypto_extra.h rename to vendor/mbedtls/include/psa/crypto_extra.h index 3ee0482cbd..a34d551645 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_extra.h +++ b/vendor/mbedtls/include/psa/crypto_extra.h @@ -181,12 +181,9 @@ static inline void psa_clear_key_slot_number( * support registering a key. * \retval #PSA_ERROR_INVALID_ARGUMENT * The identifier in \p attributes is invalid, namely the identifier is - * not in the user range. - * \retval #PSA_ERROR_INVALID_ARGUMENT + * not in the user range, or * \p attributes specifies a lifetime which is not located - * in a secure element. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * No slot number is specified in \p attributes, + * in a secure element, or no slot number is specified in \p attributes, * or the specified slot number is not valid. * \retval #PSA_ERROR_NOT_PERMITTED * The caller is not authorized to register the specified key slot. @@ -348,7 +345,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * length of the byte string is the private key size in bytes (leading zeroes * are not stripped). * - * Determinstic DSA key derivation with psa_generate_derived_key follows + * Deterministic DSA key derivation with psa_generate_derived_key follows * FIPS 186-4 §B.1.2: interpret the byte string as integer * in big-endian order. Discard it if it is not in the range * [0, *N* - 2] where *N* is the boundary of the private key domain @@ -359,7 +356,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002) -/** Whether a key type is an DSA key (pair or public-only). */ +/** Whether a key type is a DSA key (pair or public-only). */ #define PSA_KEY_TYPE_IS_DSA(type) \ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY) 
@@ -448,9 +445,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * As an exception, the public exponent 65537 is represented by an empty * byte string. * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR), - * the `Dss-Parms` format as defined by RFC 3279 §2.3.2. + * the `Dss-Params` format as defined by RFC 3279 §2.3.2. * ``` - * Dss-Parms ::= SEQUENCE { + * Dss-Params ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER @@ -466,9 +463,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * g INTEGER, -- generator, g * q INTEGER, -- factor of p-1 * j INTEGER OPTIONAL, -- subgroup factor - * validationParms ValidationParms OPTIONAL + * validationParams ValidationParams OPTIONAL * } - * ValidationParms ::= SEQUENCE { + * ValidationParams ::= SEQUENCE { * seed BIT STRING, * pgenCounter INTEGER * } diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_platform.h b/vendor/mbedtls/include/psa/crypto_platform.h similarity index 96% rename from vendor/mbedtls/2.28.0/include/psa/crypto_platform.h rename to vendor/mbedtls/include/psa/crypto_platform.h index 66f4687930..d3f518e327 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_platform.h +++ b/vendor/mbedtls/include/psa/crypto_platform.h @@ -60,8 +60,8 @@ * * The function psa_its_identifier_of_slot() in psa_crypto_storage.c that * translates a key identifier to a key storage file name assumes that - * mbedtls_key_owner_id_t is an 32 bits integer. This function thus needs - * reworking if mbedtls_key_owner_id_t is not defined as a 32 bits integer + * mbedtls_key_owner_id_t is a 32-bit integer. This function thus needs + * reworking if mbedtls_key_owner_id_t is not defined as a 32-bit integer * here anymore. */ typedef int32_t mbedtls_key_owner_id_t; 
diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_se_driver.h b/vendor/mbedtls/include/psa/crypto_se_driver.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/psa/crypto_se_driver.h rename to vendor/mbedtls/include/psa/crypto_se_driver.h index 1dc8f9b5c4..f8f8c92e88 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_se_driver.h +++ b/vendor/mbedtls/include/psa/crypto_se_driver.h @@ -225,7 +225,7 @@ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context, * operation by comparing the resulting MAC against a provided value * * \param[in,out] op_context A hardware-specific structure for the previously - * started MAC operation to be fiinished + * started MAC operation to be finished * \param[in] p_mac The MAC value against which the resulting MAC * will be compared against * \param[in] mac_length The size in bytes of the value stored in `p_mac` @@ -336,7 +336,7 @@ typedef struct { /** Function that completes a MAC operation with a verify check */ psa_drv_se_mac_finish_verify_t p_finish_verify; - /** Function that aborts a previoustly started MAC operation + /** Function that aborts a previously started MAC operation */ psa_drv_se_mac_abort_t p_abort; /** Function that performs a MAC operation in one call @@ -394,7 +394,7 @@ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_cont psa_encrypt_or_decrypt_t direction); /** \brief A function that sets the initialization vector (if - * necessary) for an secure element cipher operation + * necessary) for a secure element cipher operation * * Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has * two IV functions: one to set the IV, and one to generate it internally. The 
@@ -745,7 +745,7 @@ typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_cont size_t ciphertext_size, size_t *p_ciphertext_length); -/** A function that peforms a secure element authenticated decryption operation +/** A function that performs a secure element authenticated decryption operation * * \param[in,out] drv_context The driver context structure. * \param[in] key_slot Slot containing the key to use @@ -1156,7 +1156,7 @@ typedef struct { * * Different key derivation algorithms require a different number of inputs. * Instead of having an API that takes as input variable length arrays, which - * can be problemmatic to manage on embedded platforms, the inputs are passed + * can be problematic to manage on embedded platforms, the inputs are passed * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that * is called multiple times with different `collateral_id`s. Thus, for a key * derivation algorithm that required 3 parameter inputs, the flow would look @@ -1270,7 +1270,7 @@ typedef struct { psa_drv_se_key_derivation_collateral_t p_collateral; /** Function that performs a final key derivation step */ psa_drv_se_key_derivation_derive_t p_derive; - /** Function that perforsm a final key derivation or agreement and + /** Function that performs a final key derivation or agreement and * exports the key */ psa_drv_se_key_derivation_export_t p_export; } psa_drv_se_key_derivation_t; diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_sizes.h b/vendor/mbedtls/include/psa/crypto_sizes.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/psa/crypto_sizes.h rename to vendor/mbedtls/include/psa/crypto_sizes.h index e2ae5965d4..a0a52876be 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_sizes.h +++ b/vendor/mbedtls/include/psa/crypto_sizes.h 
@@ -716,7 +716,7 @@ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11) /* Maximum size of the export encoding of an RSA key pair. - * Assumes thatthe public exponent is less than 2^32 and that the size + * Assumes that the public exponent is less than 2^32 and that the size * difference between the two primes is at most 1 bit. * * RSAPrivateKey ::= SEQUENCE { @@ -747,7 +747,7 @@ * subjectPublicKey BIT STRING } -- contains DSAPublicKey * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, - * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs + * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs * DSAPublicKey ::= INTEGER -- public key, Y * * - 3 * 4 bytes of SEQUENCE overhead; diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_struct.h b/vendor/mbedtls/include/psa/crypto_struct.h similarity index 99% rename from vendor/mbedtls/2.28.0/include/psa/crypto_struct.h rename to vendor/mbedtls/include/psa/crypto_struct.h index 23a02a5d8e..511b3973b8 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_struct.h +++ b/vendor/mbedtls/include/psa/crypto_struct.h @@ -442,7 +442,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes, } else { - /* Call the bigger function to free the old domain paramteres. + /* Call the bigger function to free the old domain parameters. * Ignore any errors which may arise due to type requiring * non-default domain parameters, since this function can't * report errors. */ diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_types.h b/vendor/mbedtls/include/psa/crypto_types.h similarity index 80% rename from vendor/mbedtls/2.28.0/include/psa/crypto_types.h rename to vendor/mbedtls/include/psa/crypto_types.h index 386c7d794b..679cbc48e6 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_types.h +++ b/vendor/mbedtls/include/psa/crypto_types.h 
@@ -69,10 +69,21 @@ typedef int32_t psa_status_t; */ /** \brief Encoding of a key type. + * + * Values of this type are generally constructed by macros called + * `PSA_KEY_TYPE_xxx`. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint16_t psa_key_type_t; /** The type of PSA elliptic curve family identifiers. + * + * Values of this type are generally constructed by macros called + * `PSA_ECC_FAMILY_xxx`. * * The curve identifier is required to create an ECC key using the * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY() 
@@ -80,27 +91,48 @@ typedef uint16_t psa_key_type_t; * * Values defined by this standard will never be in the range 0x80-0xff. * Vendors who define additional families must use an encoding in this range. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint8_t psa_ecc_family_t; /** The type of PSA Diffie-Hellman group family identifiers. * - * The group identifier is required to create an Diffie-Hellman key using the + * Values of this type are generally constructed by macros called + * `PSA_DH_FAMILY_xxx`. + * + * The group identifier is required to create a Diffie-Hellman key using the * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY() * macros. * * Values defined by this standard will never be in the range 0x80-0xff. * Vendors who define additional families must use an encoding in this range. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint8_t psa_dh_family_t; /** \brief Encoding of a cryptographic algorithm. + * + * Values of this type are generally constructed by macros called + * `PSA_ALG_xxx`. * * For algorithms that can be applied to multiple key types, this type * does not encode the key type. For example, for symmetric ciphers * based on a block cipher, #psa_algorithm_t encodes the block cipher * mode and the padding mode while the block cipher itself is encoded * via #psa_key_type_t. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint32_t psa_algorithm_t; 
@@ -142,6 +174,14 @@ typedef uint32_t psa_algorithm_t; * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is * available. Other lifetime values may be supported depending on the * library configuration. + * + * Values of this type are generally constructed by macros called + * `PSA_KEY_LIFETIME_xxx`. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint32_t psa_key_lifetime_t; @@ -173,6 +213,11 @@ typedef uint32_t psa_key_lifetime_t; * \note Key persistence levels are 8-bit values. Key management * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which * encode the persistence as the lower 8 bits of a 32-bit value. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint8_t psa_key_persistence_t; @@ -209,6 +254,11 @@ typedef uint8_t psa_key_persistence_t; * \note Key location indicators are 24-bit values. Key management * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which * encode the location as the upper 24 bits of a 32-bit value. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. */ typedef uint32_t psa_key_location_t; 
@@ -220,15 +270,33 @@ typedef uint32_t psa_key_location_t; * #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX. * - 0 is reserved as an invalid key identifier. * - Key identifiers outside these ranges are reserved for future use. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to how values are allocated must require careful + * consideration to allow backward compatibility. */ typedef uint32_t psa_key_id_t; +/** Encoding of key identifiers as seen inside the PSA Crypto implementation. + * + * When PSA Crypto is built as a library inside an application, this type + * is identical to #psa_key_id_t. When PSA Crypto is built as a service + * that can store keys on behalf of multiple clients, this type + * encodes the #psa_key_id_t value seen by each client application as + * well as extra information that identifies the client that owns + * the key. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. +*/ #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) typedef psa_key_id_t mbedtls_svc_key_id_t; #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /* Implementation-specific: The Mbed Cryptography library can be built as - * part of a multi-client service that exposes the PSA Cryptograpy API in each + * part of a multi-client service that exposes the PSA Cryptography API in each * client and encodes the client identity in the key identifier argument of * functions such as psa_open_key(). */ 
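Review bot: The closing `*/` of the new doc comment for `mbedtls_svc_key_id_t` sits at column 0 (`+*/`) while every other comment block in this hunk closes with ` */`; align it as ` */` so the block matches the surrounding Doxygen style and tools that key on the ` *` prefix render it consistently.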
@@ -246,7 +314,16 @@ typedef struct * @{ */ -/** \brief Encoding of permitted usage on a key. */ +/** \brief Encoding of permitted usage on a key. + * + * Values of this type are generally constructed as bitwise-ors of macros + * called `PSA_KEY_USAGE_xxx`. + * + * \note Values of this type are encoded in the persistent key store. + * Any changes to existing values will require bumping the storage + * format version and providing a translation when reading the old + * format. + */ typedef uint32_t psa_key_usage_t; /**@}*/ @@ -375,7 +452,11 @@ typedef uint64_t psa_key_slot_number_t; * @{ */ -/** \brief Encoding of the step of a key derivation. */ +/** \brief Encoding of the step of a key derivation. + * + * Values of this type are generally constructed by macros called + * `PSA_KEY_DERIVATION_INPUT_xxx`. + */ typedef uint16_t psa_key_derivation_step_t; /**@}*/ diff --git a/vendor/mbedtls/2.28.0/include/psa/crypto_values.h b/vendor/mbedtls/include/psa/crypto_values.h similarity index 97% rename from vendor/mbedtls/2.28.0/include/psa/crypto_values.h rename to vendor/mbedtls/include/psa/crypto_values.h index fafe93cf9b..a4b4927e9d 100644 --- a/vendor/mbedtls/2.28.0/include/psa/crypto_values.h +++ b/vendor/mbedtls/include/psa/crypto_values.h @@ -12,6 +12,11 @@ * designations of cryptographic algorithms, and error codes returned by * the library. * + * Note that many of the constants defined in this file are embedded in + * the persistent key store, as part of key metadata (including usage + * policies). As a consequence, they must not be changed (unless the storage + * format version changes). + * * This header file only defines preprocessor macros. */ /* 
@@ -40,6 +45,18 @@ /* PSA error codes */ +/* Error codes are standardized across PSA domains (framework, crypto, storage, + * etc.). Do not change the values in this section or even the expansions + * of each macro: it must be possible to `#include` both this header + * and some other PSA component's headers in the same C source, + * which will lead to duplicate definitions of the `PSA_SUCCESS` and + * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand + * to the same sequence of tokens. + * + * If you must add a new + * value, check with the Arm PSA framework group to pick one that other + * domains aren't already using. */ + /** The action was completed successfully. */ #define PSA_SUCCESS ((psa_status_t)0) @@ -316,6 +333,12 @@ * @{ */ +/* Note that key type values, including ECC family and DH group values, are + * embedded in the persistent key store, as part of key metadata. As a + * consequence, they must not be changed (unless the storage format version + * changes). + */ + /** An invalid key type value. * * Zero is not the encoding of any key type. @@ -440,9 +463,9 @@ * Camellia block cipher. */ #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403) -/** Key for the RC4 stream cipher. +/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR). * - * Note that RC4 is weak and deprecated and should only be used in + * Note that ARC4 is weak and deprecated and should only be used in * legacy protocols. */ #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002) @@ -673,6 +696,11 @@ 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \ 0u) +/* Note that algorithm values are embedded in the persistent key store, + * as part of key metadata. As a consequence, they must not be changed + * (unless the storage format version changes). + */ + /** Vendor-defined algorithm flag. * * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG 
@@ -1167,7 +1195,7 @@ */ #define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500) -/* In the encoding of a AEAD algorithm, the bits corresponding to +/* In the encoding of an AEAD algorithm, the bits corresponding to * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag. * The constants for default lengths follow this encoding. */ @@ -1302,9 +1330,11 @@ * This is the signature scheme defined by RFC 8017 * (PKCS#1: RSA Cryptography Specifications) under the name * RSASSA-PSS, with the message generation function MGF1, and with - * a salt length equal to the length of the hash. The specified - * hash algorithm is used to hash the input message, to create the - * salted hash, and for the mask generation. + * a salt length equal to the length of the hash, or the largest + * possible salt length for the algorithm and key size if that is + * smaller than the hash length. The specified hash algorithm is + * used to hash the input message, to create the salted hash, and + * for the mask generation. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). @@ -1390,7 +1420,7 @@ * with a random per-message secret number (*k*). * * The representation of the signature as a byte string consists of - * the concatentation of the signature values *r* and *s*. Each of + * the concatenation of the signature values *r* and *s*. Each of * *r* and *s* is encoded as an *N*-octet string, where *N* is the length * of the base point of the curve in octets. Each value is represented * in big-endian order (most significant octet first). @@ -1928,6 +1958,11 @@ * @{ */ +/* Note that location and persistence level values are embedded in the + * persistent key store, as part of key metadata. As a consequence, they + * must not be changed (unless the storage format version changes). + */ + /** The default lifetime for volatile keys. * * A volatile key only exists as long as the identifier to it is not destroyed. 
@@ -2043,6 +2078,11 @@ #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) +/* Note that key identifier values are embedded in the + * persistent key store, as part of key metadata. As a consequence, they + * must not be changed (unless the storage format version changes). + */ + /** The null key identifier. */ #define PSA_KEY_ID_NULL ((psa_key_id_t)0) @@ -2154,6 +2194,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * @{ */ +/* Note that key usage flags are embedded in the + * persistent key store, as part of key metadata. As a consequence, they + * must not be changed (unless the storage format version changes). + */ + /** Whether the key may be exported. * * A public key or the public part of a key pair may always be exported @@ -2255,6 +2300,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * @{ */ +/* Key input steps are not embedded in the persistent storage, so you can + * change them if needed: it's only an ABI change. */ + /** A secret input for key derivation. * * This should be a key of type #PSA_KEY_TYPE_DERIVE diff --git a/vendor/mbedtls/2.28.0/library/aes.c b/vendor/mbedtls/library/aes.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/aes.c rename to vendor/mbedtls/library/aes.c index 31824e75cf..74ea2672b0 100644 --- a/vendor/mbedtls/2.28.0/library/aes.c +++ b/vendor/mbedtls/library/aes.c @@ -40,14 +40,7 @@ #include "mbedtls/aesni.h" #endif -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_AES_ALT) 
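Review bot: In aes.c, replacing the `MBEDTLS_SELF_TEST`/`MBEDTLS_PLATFORM_C` guarded include with an unconditional `#include "mbedtls/platform.h"` drops the local fallback `#define mbedtls_printf printf`, so the self-test now compiles without `MBEDTLS_PLATFORM_C` only if platform.h itself supplies `mbedtls_printf` in that configuration. That header is not part of this diff, so please confirm it provides the fallback; the same change is made in arc4.c and aria.c on the next two lines and, for `mbedtls_calloc`/`mbedtls_free`, in asn1parse.c and asn1write.c, so one check of platform.h covers all of them.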
@@ -1106,7 +1099,7 @@ typedef unsigned char mbedtls_be128[16]; * * This function multiplies a field element by x in the polynomial field * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little + * for machine endianness and hence works correctly on both big and little * endian machines. */ static void mbedtls_gf128mul_x_ble( unsigned char r[16], @@ -1170,7 +1163,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, { /* We are on the last block in a decrypt operation that has * leftover bytes, so we need to use the next tweak for this block, - * and this tweak for the lefover bytes. Save the current tweak for + * and this tweak for the leftover bytes. Save the current tweak for * the leftovers and then update the current tweak for use on this, * the last full block. */ memcpy( prev_tweak, tweak, sizeof( tweak ) ); @@ -1206,7 +1199,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char *prev_output = output - 16; /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the + * byte of ciphertext we won't steal. At the same time, copy the * remainder of the input for this final round (since the loop bounds * are the same). */ for( i = 0; i < leftover; i++ ) @@ -1770,7 +1763,8 @@ int mbedtls_aes_self_test( int verbose ) unsigned char key[32]; unsigned char buf[64]; const unsigned char *aes_tests; -#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) +#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) unsigned char iv[16]; #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) diff --git a/vendor/mbedtls/2.28.0/library/aesni.c b/vendor/mbedtls/library/aesni.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/aesni.c rename to vendor/mbedtls/library/aesni.c 
diff --git a/vendor/mbedtls/2.28.0/library/arc4.c b/vendor/mbedtls/library/arc4.c similarity index 95% rename from vendor/mbedtls/2.28.0/library/arc4.c rename to vendor/mbedtls/library/arc4.c index b34dc5e754..dcc13d539a 100644 --- a/vendor/mbedtls/2.28.0/library/arc4.c +++ b/vendor/mbedtls/library/arc4.c @@ -31,14 +31,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_ARC4_ALT) diff --git a/vendor/mbedtls/2.28.0/library/aria.c b/vendor/mbedtls/library/aria.c similarity index 96% rename from vendor/mbedtls/2.28.0/library/aria.c rename to vendor/mbedtls/library/aria.c index bc05c4a319..5e52eea91e 100644 --- a/vendor/mbedtls/2.28.0/library/aria.c +++ b/vendor/mbedtls/library/aria.c @@ -31,24 +31,12 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_ARIA_ALT) #include "mbedtls/platform_util.h" -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define ARIA_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) 
@@ -895,15 +883,17 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#define ARIA_SELF_TEST_IF_FAIL \ - { \ - if( verbose ) \ - mbedtls_printf( "failed\n" ); \ - goto exit; \ - } else { \ - if( verbose ) \ - mbedtls_printf( "passed\n" ); \ - } +#define ARIA_SELF_TEST_ASSERT( cond ) \ + do { \ + if( cond ) { \ + if( verbose ) \ + mbedtls_printf( "failed\n" ); \ + goto exit; \ + } else { \ + if( verbose ) \ + mbedtls_printf( "passed\n" ); \ + } \ + } while( 0 ) /* * Checkup routine @@ -937,16 +927,18 @@ int mbedtls_aria_self_test( int verbose ) mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); - if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( + memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) + != 0 ); /* test ECB decryption */ if( verbose ) mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); - if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( + memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) + != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -965,8 +957,8 @@ int mbedtls_aria_self_test( int verbose ) memset( buf, 0x55, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 ) + != 0 ); /* Test CBC decryption */ if( verbose ) 
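Review bot: `ARIA_SELF_TEST_ASSERT( cond )` fails the test when `cond` is true, which is the opposite of what "assert" means, so the call sites read backwards: `ARIA_SELF_TEST_ASSERT( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 )` looks like it asserts that the buffers differ. Either invert the macro with `if( !( cond ) ) {` and write `== 0` at each call site (the ones in this hunk and in the following hunks), or keep the semantics and rename it, e.g. `ARIA_SELF_TEST_FAIL_IF`. The macro also depends on a local `verbose` and an `exit` label in the calling function; a one-line comment above it, `/* Needs a local 'verbose' and an 'exit' label in the enclosing function. */`, would make that contract explicit.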
@@ -976,8 +968,7 @@ int mbedtls_aria_self_test( int verbose ) memset( buf, 0xAA, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, aria_test2_cbc_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -996,8 +987,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ); /* Test CFB decryption */ if( verbose ) @@ -1008,8 +998,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, iv, aria_test2_cfb_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -1027,8 +1016,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ); /* Test CTR decryption */ if( verbose ) @@ -1039,8 +1027,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_ctr_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); diff --git a/vendor/mbedtls/2.28.0/library/asn1parse.c b/vendor/mbedtls/library/asn1parse.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/asn1parse.c rename to vendor/mbedtls/library/asn1parse.c index 22747d3ba4..bf97585289 100644 
--- a/vendor/mbedtls/2.28.0/library/asn1parse.c +++ b/vendor/mbedtls/library/asn1parse.c @@ -31,13 +31,7 @@ #include "mbedtls/bignum.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* * ASN.1 DER decoding routines diff --git a/vendor/mbedtls/2.28.0/library/asn1write.c b/vendor/mbedtls/library/asn1write.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/asn1write.c rename to vendor/mbedtls/library/asn1write.c index 3811ef27a3..4b59927cbb 100644 --- a/vendor/mbedtls/2.28.0/library/asn1write.c +++ b/vendor/mbedtls/library/asn1write.c @@ -26,13 +26,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) { @@ -78,9 +72,11 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len return( 4 ); } + int len_is_valid = 1; #if SIZE_MAX > 0xFFFFFFFF - if( len <= 0xFFFFFFFF ) + len_is_valid = ( len <= 0xFFFFFFFF ); #endif + if( len_is_valid ) { if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); @@ -93,9 +89,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len return( 5 ); } -#if SIZE_MAX > 0xFFFFFFFF return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); -#endif } int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) @@ -133,6 +127,11 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt // len = mbedtls_mpi_size( X ); + /* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not + * as 0 digits. We need to end up with 020100, not with 0200. */ + if( len == 0 ) + len = 1; + if( *p < start || (size_t)( *p - start ) < len ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 
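Review bot: In `mbedtls_asn1_write_len`, after the `len_is_valid` change the closing `return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );` becomes unreachable on platforms where `SIZE_MAX <= 0xFFFFFFFF`, because `len_is_valid` is initialised to 1 and never changed there, and the `if( len_is_valid )` block always returns; some compilers may flag this under -Werror builds, so a comment such as `/* Only reachable when SIZE_MAX > 0xFFFFFFFF and len does not fit in 4 bytes. */` would head off confusion. `int len_is_valid = 1;` is also a declaration after statements (C99), which matters only if this file must still build as C89; if so, hoist it to the start of the function body, which lies outside this hunk. The `len == 0` fix in `mbedtls_asn1_write_mpi` looks right and is well commented.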
@@ -472,7 +471,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( cur->val.len = val_len; } - if( val != NULL ) + if( val != NULL && val_len != 0 ) memcpy( cur->val.p, val, val_len ); return( cur ); diff --git a/vendor/mbedtls/2.28.0/library/base64.c b/vendor/mbedtls/library/base64.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/base64.c rename to vendor/mbedtls/library/base64.c index 83daa0bcc6..9021a041bb 100644 --- a/vendor/mbedtls/2.28.0/library/base64.c +++ b/vendor/mbedtls/library/base64.c @@ -28,12 +28,7 @@ #if defined(MBEDTLS_SELF_TEST) #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ diff --git a/vendor/mbedtls/2.28.0/library/bignum.c b/vendor/mbedtls/library/bignum.c similarity index 92% rename from vendor/mbedtls/2.28.0/library/bignum.c rename to vendor/mbedtls/library/bignum.c index 62e7f76727..37193f55a8 100644 --- a/vendor/mbedtls/2.28.0/library/bignum.c +++ b/vendor/mbedtls/library/bignum.c @@ -46,15 +46,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #define MPI_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) 
@@ -270,6 +262,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z ) +{ + if( z >= 0 ) + return( z ); + /* Take care to handle the most negative value (-2^(biL-1)) correctly. + * A naive -z would have undefined behavior. + * Write this in a way that makes popular compilers happy (GCC, Clang, + * MSVC). */ + return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z ); +} + /* * Set value from integer */ @@ -281,7 +284,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); - X->p[0] = ( z < 0 ) ? -z : z; + X->p[0] = mpi_sint_abs( z ); X->s = ( z < 0 ) ? -1 : 1; cleanup: @@ -1101,7 +1104,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( X != NULL ); - *p = ( z < 0 ) ? -z : z; + *p = mpi_sint_abs( z ); Y.s = ( z < 0 ) ? -1 : 1; Y.n = 1; Y.p = p; @@ -1138,6 +1141,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[j - 1] != 0 ) break; + /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 + * and B is 0 (of any size). */ + if( j == 0 ) + return( 0 ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); o = B->p; p = X->p; c = 0; @@ -1257,10 +1265,12 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi return( ret ); } -/* - * Signed addition: X = A + B +/* Common function for signed addition and subtraction. + * Calculate A + B * flip_B where flip_B is 1 or -1. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +static int add_sub_mpi( mbedtls_mpi *X, + const mbedtls_mpi *A, const mbedtls_mpi *B, + int flip_B ) { int ret, s; MPI_VALIDATE_RET( X != NULL ); 
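Review bot: `add_sub_mpi` documents `flip_B` as 1 or -1 but nothing enforces it, and the sign arithmetic `A->s * B->s * flip_B` silently misbehaves for any other value. Since it is file-static with two callers this is acceptable, but a guard next to the existing parameter checks keeps the contract honest: `MPI_VALIDATE_RET( flip_B == 1 || flip_B == -1 );`. The `mpi_sint_abs` helper is a good fix for the `-z` overflow, and its comment explains the unsigned subtraction well. The body of `add_sub_mpi` continues in the next hunk.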
@@ -1268,16 +1278,21 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MPI_VALIDATE_RET( B != NULL ); s = A->s; - if( A->s * B->s < 0 ) + if( A->s * B->s * flip_B < 0 ) { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) + int cmp = mbedtls_mpi_cmp_abs( A, B ); + if( cmp >= 0 ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; + /* If |A| = |B|, the result is 0 and we must set the sign bit + * to +1 regardless of which of A or B was negative. Otherwise, + * since |A| > |B|, the sign is the sign of A. */ + X->s = cmp == 0 ? 1 : s; } else { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + /* Since |A| < |B|, the sign is the opposite of A. */ X->s = -s; } } @@ -1292,39 +1307,20 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi return( ret ); } +/* + * Signed addition: X = A + B + */ +int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +{ + return( add_sub_mpi( X, A, B, 1 ) ); +} + /* * Signed subtraction: X = A - B */ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - s = A->s; - if( A->s * B->s > 0 ) - { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); - X->s = -s; - } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); - X->s = s; - } - -cleanup: - - return( ret ); + return( add_sub_mpi( X, A, B, -1 ) ); } /* @@ -1337,7 +1333,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; 
@@ -1355,7 +1351,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1776,7 +1772,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1829,7 +1825,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_ /* * handle trivial cases */ - if( b == 1 ) + if( b == 1 || A->n == 0 ) { *r = 0; return( 0 ); @@ -2009,11 +2005,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi *prec_RR ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t wbits, wsize, one = 1; + size_t window_bitsize; size_t i, j, nblimbs; size_t bufsize, nbits; mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos; + mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos; int neg; MPI_VALIDATE_RET( X != NULL ); 
@@ -2042,21 +2038,59 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, i = mbedtls_mpi_bitlen( E ); - wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : + window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; #if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) - if( wsize > MBEDTLS_MPI_WINDOW_SIZE ) - wsize = MBEDTLS_MPI_WINDOW_SIZE; + if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE ) + window_bitsize = MBEDTLS_MPI_WINDOW_SIZE; #endif + const size_t w_table_used_size = (size_t) 1 << window_bitsize; + + /* + * This function is not constant-trace: its memory accesses depend on the + * exponent value. To defend against timing attacks, callers (such as RSA + * and DHM) should use exponent blinding. However this is not enough if the + * adversary can find the exponent in a single trace, so this function + * takes extra precautions against adversaries who can observe memory + * access patterns. + * + * This function performs a series of multiplications by table elements and + * squarings, and we want the prevent the adversary from finding out which + * table element was used, and from distinguishing between multiplications + * and squarings. Firstly, when multiplying by an element of the window + * W[i], we do a constant-trace table lookup to obfuscate i. This leaves + * squarings as having a different memory access patterns from other + * multiplications. So secondly, we put the accumulator X in the table as + * well, and also do a constant-trace table lookup to multiply by X. + * + * This way, all multiplications take the form of a lookup-and-multiply. + * The number of lookup-and-multiply operations inside each iteration of + * the main loop still depends on the bits of the exponent, but since the + * other operations in the loop don't have an easily recognizable memory + * trace, an adversary is unlikely to be able to observe the exact + * patterns. 
+ * + * An adversary may still be able to recover the exponent if they can + * observe both memory accesses and branches. However, branch prediction + * exploitation typically requires many traces of execution over the same + * data, which is defeated by randomized blinding. + * + * To achieve this, we make a copy of X and we use the table entry in each + * calculation from this point on. + */ + const size_t x_index = 0; + mbedtls_mpi_init( &W[x_index] ); + mbedtls_mpi_copy( &W[x_index], X ); + j = N->n + 1; /* All W[i] and X must have at least N->n limbs for the mpi_montmul() * and mpi_montred() calls later. Here we ensure that W[1] and X are * large enough, and later we'll grow other W[i] to the same length. * They must not be shrunk midway through this function! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); 
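Review bot: The return value of `mbedtls_mpi_copy( &W[x_index], X )` is ignored here, and the same pattern recurs at the end of the function in a later hunk, `mbedtls_mpi_copy( X, &W[x_index] );`, where it matters more: if that final copy fails to allocate, the function still returns the 0 left in `ret` by the last successful `MBEDTLS_MPI_CHK`, so the caller sees success while `X` holds stale content. Both calls should go through the existing macro: `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], X ) );` and `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &W[x_index] ) );`. The initial copy also appears redundant, since `W[x_index]` is grown immediately afterwards and overwritten with `R mod N` in the next hunk before it is used; if it is kept only to pre-size the limb array, a comment saying so would help. mbedtls_mpi_exp_mod starts before this hunk and ends after it.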
@@ -2105,28 +2139,36 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, mpi_montmul( &W[1], &RR, N, mm, &T ); /* - * X = R^2 * R^-1 mod N = R mod N + * W[x_index] = R^2 * R^-1 mod N = R mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) ); + mpi_montred( &W[x_index], N, mm, &T ); + - if( wsize > 1 ) + if( window_bitsize > 1 ) { /* - * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) + * W[i] = W[1] ^ i + * + * The first bit of the sliding window is always 1 and therefore we + * only need to store the second half of the table. + * + * (There are two special elements in the table: W[0] for the + * accumulator/result and W[1] for A in Montgomery form. Both of these + * are already set at this point.) */ - j = one << ( wsize - 1 ); + j = w_table_used_size / 2; MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); - for( i = 0; i < wsize - 1; i++ ) + for( i = 0; i < window_bitsize - 1; i++ ) mpi_montmul( &W[j], &W[j], N, mm, &T ); /* * W[i] = W[i - 1] * W[1] */ - for( i = j + 1; i < ( one << wsize ); i++ ) + for( i = j + 1; i < w_table_used_size; i++ ) { MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); @@ -2138,7 +2180,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, nblimbs = E->n; bufsize = 0; nbits = 0; - wbits = 0; + size_t exponent_bits_in_window = 0; state = 0; while( 1 ) @@ -2166,9 +2208,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, if( ei == 0 && state == 1 ) { /* - * out of window, square X + * out of window, square W[x_index] */ - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) ); + mpi_montmul( &W[x_index], &WW, N, mm, &T ); continue; } 
@@ -2178,25 +2221,30 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, state = 2; nbits++; - wbits |= ( ei << ( wsize - nbits ) ); + exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) ); - if( nbits == wsize ) + if( nbits == window_bitsize ) { /* - * X = X^wsize R^-1 mod N + * W[x_index] = W[x_index]^window_bitsize R^-1 mod N */ - for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + for( i = 0; i < window_bitsize; i++ ) + { + MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, + x_index ) ); + mpi_montmul( &W[x_index], &WW, N, mm, &T ); + } /* - * X = X * W[wbits] R^-1 mod N + * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N */ - MBEDTLS_MPI_CHK( mpi_select( &WW, W, (size_t) 1 << wsize, wbits ) ); - mpi_montmul( X, &WW, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, + exponent_bits_in_window ) ); + mpi_montmul( &W[x_index], &WW, N, mm, &T ); state--; nbits = 0; - wbits = 0; + exponent_bits_in_window = 0; } } 
@@ -2205,31 +2253,45 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, */ for( i = 0; i < nbits; i++ ) { - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) ); + mpi_montmul( &W[x_index], &WW, N, mm, &T ); - wbits <<= 1; + exponent_bits_in_window <<= 1; - if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 ) + { + MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) ); + mpi_montmul( &W[x_index], &WW, N, mm, &T ); + } } /* - * X = A^E * R * R^-1 mod N = A^E mod N + * W[x_index] = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + mpi_montred( &W[x_index], N, mm, &T ); if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) { - X->s = -1; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) ); + W[x_index].s = -1; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) ); } + /* + * Load the result in the output variable. + */ + mbedtls_mpi_copy( X, &W[x_index] ); + cleanup: - for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) + /* The first bit of the sliding window is always 1 and therefore the first + * half of the table was unused. */ + for( i = w_table_used_size/2; i < w_table_used_size; i++ ) mbedtls_mpi_free( &W[i] ); - mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); + mbedtls_mpi_free( &W[x_index] ); + mbedtls_mpi_free( &W[1] ); + mbedtls_mpi_free( &T ); + mbedtls_mpi_free( &Apos ); mbedtls_mpi_free( &WW ); if( prec_RR == NULL || prec_RR->p == NULL ) 
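Review bot: The new cleanup comment, `The first bit of the sliding window is always 1 and therefore the first half of the table was unused.`, is not accurate as written: `W[x_index]` (index 0) and `W[1]` sit in the first half and are in use, which is exactly why they are freed separately just below. Suggest `/* Only W[0] (accumulator) and W[1] are used from the first half of the table; the table fill never writes entries 2 .. w_table_used_size/2 - 1, so free the second half here and W[0], W[1] below. */`. The claim that the lower entries are never written follows from the fill loops in the earlier hunk, which start at `w_table_used_size / 2`; any zero-initialisation of `W` before that lies outside this chunk. The function continues past this hunk.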
@@ -2317,7 +2379,7 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * TA-TB is even so the division by 2 has an integer result. * Invariant (I) is preserved since any odd divisor of both TA and TB * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2 - * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also + * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also * divides TA. */ if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) @@ -2862,7 +2924,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, else { /* - * An necessary condition for Y and X = 2Y + 1 to be prime + * A necessary condition for Y and X = 2Y + 1 to be prime * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). * Make sure it is satisfied, while keeping X = 3 mod 4 */ diff --git a/vendor/mbedtls/2.28.0/library/blowfish.c b/vendor/mbedtls/library/blowfish.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/blowfish.c rename to vendor/mbedtls/library/blowfish.c diff --git a/vendor/mbedtls/2.28.0/library/camellia.c b/vendor/mbedtls/library/camellia.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/camellia.c rename to vendor/mbedtls/library/camellia.c index 29d730ab53..e90cd7f134 100644 --- a/vendor/mbedtls/2.28.0/library/camellia.c +++ b/vendor/mbedtls/library/camellia.c @@ -32,14 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CAMELLIA_ALT) diff --git a/vendor/mbedtls/2.28.0/library/ccm.c b/vendor/mbedtls/library/ccm.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/ccm.c rename to vendor/mbedtls/library/ccm.c index a21a37f55f..e0d43334f9 100644 --- a/vendor/mbedtls/2.28.0/library/ccm.c +++ b/vendor/mbedtls/library/ccm.c 
@@ -36,14 +36,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #if !defined(MBEDTLS_CCM_ALT) diff --git a/vendor/mbedtls/2.28.0/library/certs.c b/vendor/mbedtls/library/certs.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/certs.c rename to vendor/mbedtls/library/certs.c diff --git a/vendor/mbedtls/2.28.0/library/chacha20.c b/vendor/mbedtls/library/chacha20.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/chacha20.c rename to vendor/mbedtls/library/chacha20.c index 658f046901..bd0701482c 100644 --- a/vendor/mbedtls/2.28.0/library/chacha20.c +++ b/vendor/mbedtls/library/chacha20.c @@ -32,22 +32,10 @@ #include #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CHACHA20_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define CHACHA20_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) diff --git a/vendor/mbedtls/2.28.0/library/chachapoly.c b/vendor/mbedtls/library/chachapoly.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/chachapoly.c rename to vendor/mbedtls/library/chachapoly.c index dc75b2030a..4adf846857 100644 --- a/vendor/mbedtls/2.28.0/library/chachapoly.c +++ b/vendor/mbedtls/library/chachapoly.c 
@@ -28,14 +28,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CHACHAPOLY_ALT) diff --git a/vendor/mbedtls/2.28.0/library/check_crypto_config.h b/vendor/mbedtls/library/check_crypto_config.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/check_crypto_config.h rename to vendor/mbedtls/library/check_crypto_config.h diff --git a/vendor/mbedtls/2.28.0/library/cipher.c b/vendor/mbedtls/library/cipher.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/cipher.c rename to vendor/mbedtls/library/cipher.c index 4ec40d2cac..67e3274587 100644 --- a/vendor/mbedtls/2.28.0/library/cipher.c +++ b/vendor/mbedtls/library/cipher.c @@ -63,12 +63,7 @@ #include "mbedtls/nist_kw.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #define CIPHER_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) @@ -386,6 +381,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHA20_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) { + /* Even though the actual_iv_size is overwritten with a correct value + * of 12 from the cipher info, return an error to indicate that + * the input iv_len is wrong. */ + if( iv_len != 12 ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, iv, 0U ) ) /* Initial counter value */ 
@@ -393,6 +394,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } } +#if defined(MBEDTLS_CHACHAPOLY_C) + if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 && + iv_len != 12 ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#endif #endif if ( actual_iv_size != 0 ) diff --git a/vendor/mbedtls/2.28.0/library/cipher_wrap.c b/vendor/mbedtls/library/cipher_wrap.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/cipher_wrap.c rename to vendor/mbedtls/library/cipher_wrap.c index 57eb3cb67f..c76bdcc0f8 100644 --- a/vendor/mbedtls/2.28.0/library/cipher_wrap.c +++ b/vendor/mbedtls/library/cipher_wrap.c @@ -76,13 +76,7 @@ #include #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_GCM_C) /* shared by all GCM ciphers */ diff --git a/vendor/mbedtls/2.28.0/library/cmac.c b/vendor/mbedtls/library/cmac.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/cmac.c rename to vendor/mbedtls/library/cmac.c diff --git a/vendor/mbedtls/2.28.0/library/common.h b/vendor/mbedtls/library/common.h similarity index 88% rename from vendor/mbedtls/2.28.0/library/common.h rename to vendor/mbedtls/library/common.h index c06472418d..1663d50226 100644 --- a/vendor/mbedtls/2.28.0/library/common.h +++ b/vendor/mbedtls/library/common.h @@ -29,8 +29,15 @@ #include "mbedtls/config.h" #endif +#include #include +/* Define `inline` on some non-C99-compliant compilers. */ +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be 
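Review bot: The ChaCha20 and ChaCha20-Poly1305 branches of `mbedtls_cipher_set_iv` each hard-code `12` as the only accepted `iv_len`, while the comment in the previous hunk says the same value is already available from the cipher info; comparing both against that single source, `if( iv_len != ctx->cipher_info->iv_size )`, or against one named constant, stops the two literals from drifting apart. The `MBEDTLS_CHACHAPOLY_C` check is nested inside `#if defined(MBEDTLS_CHACHA20_C)`, which is only correct while the configuration checks keep ChaChaPoly dependent on ChaCha20; that dependency is not visible in this chunk. The function starts before the previous hunk and continues after this one.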
@@ -52,6 +59,44 @@ #define MBEDTLS_STATIC_TESTABLE static #endif +/** Return an offset into a buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * (`p + n` has undefined behavior when `p` is null, even when `n == 0`. + * A null pointer is a valid buffer pointer when the size is 0, for example + * as the result of `malloc(0)` on some platforms.) + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline unsigned char *mbedtls_buffer_offset( + unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + +/** Return an offset into a read-only buffer. + * + * Similar to mbedtls_buffer_offset(), but for const pointers. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline const unsigned char *mbedtls_buffer_offset_const( + const unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + /** Byte Reading Macros * * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th diff --git a/vendor/mbedtls/2.28.0/library/constant_time.c b/vendor/mbedtls/library/constant_time.c similarity index 96% rename from vendor/mbedtls/2.28.0/library/constant_time.c rename to vendor/mbedtls/library/constant_time.c index 18f1b20daa..2401b0434a 100644 --- a/vendor/mbedtls/2.28.0/library/constant_time.c +++ b/vendor/mbedtls/library/constant_time.c 
@@ -81,7 +81,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ) #endif } -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) size_t mbedtls_ct_size_mask( size_t value ) { @@ -97,7 +97,7 @@ size_t mbedtls_ct_size_mask( size_t value ) #endif } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) @@ -272,7 +272,7 @@ unsigned mbedtls_ct_uint_if( unsigned condition, * \note if1 and if0 must be either 1 or -1, otherwise the result * is undefined. * - * \param condition Condition to test. + * \param condition Condition to test; must be either 0 or 1. * \param if1 The first sign; must be either +1 or -1. * \param if0 The second sign; must be either +1 or -1. * @@ -404,8 +404,7 @@ static void mbedtls_ct_mem_move_to_left( void *start, #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) - +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) void mbedtls_ct_memcpy_if_eq( unsigned char *dest, const unsigned char *src, size_t len, @@ -489,6 +488,12 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); + /* Fill the hash buffer in advance with something that is + * not a valid hash (barring an attack on the hash and + * deliberately-crafted input), in case the caller doesn't + * check the return status properly. */ + memset( output, '!', hash_size ); + /* For each possible length, compute the hash up to that point */ for( offset = min_data_len; offset <= max_data_len; offset++ ) { @@ -521,7 +526,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, return( ret ); } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) 
@@ -533,6 +538,13 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, * about whether the assignment was made or not. * (Leaking information about the respective sizes of X and Y is ok however.) */ +#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103) +/* + * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See: + * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989 + */ +__declspec(noinline) +#endif int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ) @@ -562,7 +574,7 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, /* * Conditionally swap X and Y, without leaking information * about whether the swap was made or not. - * Here it is not ok to simply swap the pointers, which whould lead to + * Here it is not ok to simply swap the pointers, which would lead to * different memory access patterns when X and Y are used afterwards. */ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, diff --git a/vendor/mbedtls/2.28.0/library/constant_time_internal.h b/vendor/mbedtls/library/constant_time_internal.h similarity index 95% rename from vendor/mbedtls/2.28.0/library/constant_time_internal.h rename to vendor/mbedtls/library/constant_time_internal.h index bbb3a90670..ff2d0ff92c 100644 --- a/vendor/mbedtls/2.28.0/library/constant_time_internal.h +++ b/vendor/mbedtls/library/constant_time_internal.h @@ -32,7 +32,6 @@ #include - /** Turn a value into a mask: * - if \p value == 0, return the all-bits 0 mask, aka 0 * - otherwise, return the all-bits 1 mask, aka (unsigned) -1 @@ -46,7 +45,7 @@ */ unsigned mbedtls_ct_uint_mask( unsigned value ); -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) /** Turn a value into a mask: * - if \p value == 0, return the all-bits 0 mask, aka 0 
@@ -61,7 +60,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value );
 */
 size_t mbedtls_ct_size_mask( size_t value );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
 #if defined(MBEDTLS_BIGNUM_C)
@@ -196,7 +195,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c );
 #endif /* MBEDTLS_BASE64_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
 /** Conditional memcpy without branches.
 *
@@ -221,6 +220,13 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
 * offset_secret, but only on \p offset_min, \p offset_max and \p len.
 * Functionally equivalent to `memcpy(dst, src + offset_secret, len)`.
 *
+ * \note This function reads from \p dest, but the value that
+ * is read does not influence the result and this
+ * function's behavior is well-defined regardless of the
+ * contents of the buffers. This may result in false
+ * positives from static or dynamic analyzers, especially
+ * if \p dest is not initialized.
+ *
 * \param dest The destination buffer. This must point to a writable
 * buffer of at least \p len bytes.
 * \param src The base of the source buffer. This must point to a
@@ -285,7 +291,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
 size_t max_data_len,
 unsigned char *output );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/constant_time_invasive.h b/vendor/mbedtls/library/constant_time_invasive.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/constant_time_invasive.h
rename to vendor/mbedtls/library/constant_time_invasive.h
diff --git a/vendor/mbedtls/2.28.0/library/ctr_drbg.c b/vendor/mbedtls/library/ctr_drbg.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/ctr_drbg.c
rename to vendor/mbedtls/library/ctr_drbg.c
index a604ec0761..ed31576a7b 100644
--- a/vendor/mbedtls/2.28.0/library/ctr_drbg.c
+++ b/vendor/mbedtls/library/ctr_drbg.c
@@ -36,14 +36,7 @@
 #include
 #endif
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 /*
 * CTR_DRBG context initialization
@@ -828,7 +821,7 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
 return( 1 ); \
 }
-#define SELF_TEST_OUPUT_DISCARD_LENGTH 64
+#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
 /*
 * Checkup routine
@@ -854,7 +847,7 @@ int mbedtls_ctr_drbg_self_test( int verbose )
 (void *) entropy_source_pr,
 pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
 mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
+ CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
 CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
 CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
@@ -879,7 +872,7 @@ int mbedtls_ctr_drbg_self_test( int verbose )
 (void *) entropy_source_nopr,
 pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
 CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
+ CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
 CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
 CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
diff --git a/vendor/mbedtls/2.28.0/library/debug.c b/vendor/mbedtls/library/debug.c
similarity index 96%
rename from vendor/mbedtls/2.28.0/library/debug.c
rename to vendor/mbedtls/library/debug.c
index e1086008af..353b4bf07b 100644
--- a/vendor/mbedtls/2.28.0/library/debug.c
+++ b/vendor/mbedtls/library/debug.c
@@ -21,16 +21,7 @@
 #if defined(MBEDTLS_DEBUG_C)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#define mbedtls_time_t time_t
-#define mbedtls_snprintf snprintf
-#define mbedtls_vsnprintf vsnprintf
-#endif
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
@@ -39,11 +30,6 @@
 #include
 #include
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
 #define DEBUG_BUF_SIZE 512
 static int debug_threshold = 0;
diff --git a/vendor/mbedtls/2.28.0/library/des.c b/vendor/mbedtls/library/des.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/des.c
rename to vendor/mbedtls/library/des.c
index 91d22b5d90..65f5681cf1 100644
--- a/vendor/mbedtls/2.28.0/library/des.c
+++ b/vendor/mbedtls/library/des.c
@@ -33,14 +33,7 @@
 #include
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 #if !defined(MBEDTLS_DES_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/dhm.c b/vendor/mbedtls/library/dhm.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/dhm.c
rename to vendor/mbedtls/library/dhm.c
index 88e148bb80..4d2e33e689 100644
--- a/vendor/mbedtls/2.28.0/library/dhm.c
+++ b/vendor/mbedtls/library/dhm.c
@@ -43,15 +43,7 @@
 #include "mbedtls/asn1.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#include
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #if !defined(MBEDTLS_DHM_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/ecdh.c b/vendor/mbedtls/library/ecdh.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/ecdh.c
rename to vendor/mbedtls/library/ecdh.c
index 9dfa868063..724c938a71 100644
--- a/vendor/mbedtls/2.28.0/library/ecdh.c
+++ b/vendor/mbedtls/library/ecdh.c
@@ -77,10 +77,12 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* If multiplication is in progress, we already generated a privkey */
+ int restarting = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
 #endif
+ /* If multiplication is in progress, we already generated a privkey */
+ if( !restarting )
 MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
 MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
@@ -399,7 +401,7 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
 }
 /*
- * Read the ServerKeyExhange parameters (RFC 4492)
+ * Read the ServerKeyExchange parameters (RFC 4492)
 * struct {
 * ECParameters curve_params;
 * ECPoint public;
diff --git a/vendor/mbedtls/2.28.0/library/ecdsa.c b/vendor/mbedtls/library/ecdsa.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/ecdsa.c
rename to vendor/mbedtls/library/ecdsa.c
index 640eb24a26..4bae6a93fd 100644
--- a/vendor/mbedtls/2.28.0/library/ecdsa.c
+++ b/vendor/mbedtls/library/ecdsa.c
@@ -36,13 +36,7 @@
 #include "mbedtls/hmac_drbg.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
diff --git a/vendor/mbedtls/2.28.0/library/ecjpake.c b/vendor/mbedtls/library/ecjpake.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/ecjpake.c
rename to vendor/mbedtls/library/ecjpake.c
index 368b6c7124..fe0b9d93e9 100644
--- a/vendor/mbedtls/2.28.0/library/ecjpake.c
+++ b/vendor/mbedtls/library/ecjpake.c
@@ -435,7 +435,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
 /*
 * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
- * Ouputs: verified peer public keys Xa, Xb
+ * Outputs: verified peer public keys Xa, Xb
 */
 static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
 const mbedtls_ecp_group *grp,
@@ -794,12 +794,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
 #if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif
 #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
 !defined(MBEDTLS_SHA256_C)
diff --git a/vendor/mbedtls/2.28.0/library/ecp.c b/vendor/mbedtls/library/ecp.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/ecp.c
rename to vendor/mbedtls/library/ecp.c
index 7f9e1045d4..ad19e05fb2 100644
--- a/vendor/mbedtls/2.28.0/library/ecp.c
+++ b/vendor/mbedtls/library/ecp.c
@@ -90,15 +90,7 @@
 #define ECP_VALIDATE( cond ) \
 MBEDTLS_INTERNAL_VALIDATE( cond )
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#include
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #include "mbedtls/ecp_internal.h"
@@ -112,11 +104,6 @@
 #endif
 #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
 #if defined(MBEDTLS_SELF_TEST)
 /*
 * Counts of point addition and doubling, and field multiplications.
@@ -1307,7 +1294,7 @@ static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
 * For curves in short Weierstrass form, we do all the internal operations in
 * Jacobian coordinates.
 *
- * For multiplication, we'll use a comb method with coutermeasueres against
+ * For multiplication, we'll use a comb method with countermeasures against
 * SPA, hence timing attacks.
 */
@@ -2056,9 +2043,13 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
 i = d;
 MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+
+ int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != 0 )
+ if( f_rng == NULL )
+ have_rng = 0;
 #endif
+ if( have_rng )
 MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
 }
@@ -2192,9 +2183,12 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
 *
 * Avoid the leak by randomizing coordinates before we normalize them.
 */
+ int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != 0 )
+ if( f_rng == NULL )
+ have_rng = 0;
 #endif
+ if( have_rng )
 MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
 MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
@@ -2251,7 +2245,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
 * This function is mainly responsible for administrative work:
 * - managing the restart context if enabled
 * - managing the table of precomputed points (passed between the below two
- * functions): allocation, computation, ownership tranfer, freeing.
+ * functions): allocation, computation, ownership transfer, freeing.
 *
 * It delegates the actual arithmetic work to:
 * ecp_precompute_comb() and ecp_mul_comb_with_precomp()
@@ -2403,12 +2397,14 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 mbedtls_free( T );
 }
- /* don't free R while in progress in case R == P */
+ /* prevent caller from using invalid value */
+ int should_free_R = ( ret != 0 );
 #if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ /* don't free R while in progress in case R == P */
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ should_free_R = 0;
 #endif
- /* prevent caller from using invalid value */
- if( ret != 0 )
+ if( should_free_R )
 mbedtls_ecp_point_free( R );
 ECP_RS_LEAVE( rsm );
@@ -2422,7 +2418,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 /*
 * For Montgomery curves, we do all the internal arithmetic in projective
 * coordinates. Import/export of points uses only the x coordinates, which is
- * internaly represented as X / Z.
+ * internally represented as X / Z.
 *
 * For scalar multiplication, we'll use a Montgomery ladder.
 */
@@ -2592,17 +2588,20 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
 mbedtls_mpi_free( &R->Y );
- /* RP.X might be sligtly larger than P, so reduce it */
+ /* RP.X might be slightly larger than P, so reduce it */
 MOD_ADD( RP.X );
 /* Randomize coordinates of the starting point */
+ int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != NULL )
+ if( f_rng == NULL )
+ have_rng = 0;
 #endif
+ if( have_rng )
 MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
 /* Loop invariant: R = result so far, RP = R + P */
- i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
+ i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
 while( i-- > 0 )
 {
 b = mbedtls_mpi_get_bit( m, i );
@@ -2631,9 +2630,12 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 *
 * Avoid the leak by randomizing coordinates before we normalize them.
 */
+ have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != NULL )
+ if( f_rng == NULL )
+ have_rng = 0;
 #endif
+ if( have_rng )
 MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
 MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
@@ -2680,10 +2682,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
+ int restarting = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
- /* skip argument check when restarting */
- if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
 #endif
+ /* skip argument check when restarting */
+ if( !restarting )
 {
 /* check_privkey is free */
 MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
@@ -2797,14 +2801,17 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
 if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
 {
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
 MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
 }
 else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
 {
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
 }
 else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
 {
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
 if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
diff --git a/vendor/mbedtls/2.28.0/library/ecp_curves.c b/vendor/mbedtls/library/ecp_curves.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/ecp_curves.c
rename to vendor/mbedtls/library/ecp_curves.c
index ff26a18e8f..47761eef4e 100644
--- a/vendor/mbedtls/2.28.0/library/ecp_curves.c
+++ b/vendor/mbedtls/library/ecp_curves.c
@@ -38,11 +38,6 @@
 #define ECP_VALIDATE( cond ) \
 MBEDTLS_INTERNAL_VALIDATE( cond )
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
 #define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
 #define ECP_MPI_INIT_ARRAY(x) \
@@ -755,6 +750,8 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
 ECP_VALIDATE_RET( grp != NULL );
 mbedtls_ecp_group_free( grp );
+ mbedtls_ecp_group_init( grp );
+
 grp->id = id;
 switch( id )
diff --git a/vendor/mbedtls/2.28.0/library/ecp_invasive.h b/vendor/mbedtls/library/ecp_invasive.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/ecp_invasive.h
rename to vendor/mbedtls/library/ecp_invasive.h
diff --git a/vendor/mbedtls/2.28.0/library/entropy.c b/vendor/mbedtls/library/entropy.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/entropy.c
rename to vendor/mbedtls/library/entropy.c
index 12fd3b9b5f..e3b337ff35 100644
--- a/vendor/mbedtls/2.28.0/library/entropy.c
+++ b/vendor/mbedtls/library/entropy.c
@@ -38,18 +38,9 @@
 #include
 #endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls/platform.h"
-#endif
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
diff --git a/vendor/mbedtls/2.28.0/library/entropy_poll.c b/vendor/mbedtls/library/entropy_poll.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/entropy_poll.c
rename to vendor/mbedtls/library/entropy_poll.c
index 2c1e0937b9..a858c1892b 100644
--- a/vendor/mbedtls/2.28.0/library/entropy_poll.c
+++ b/vendor/mbedtls/library/entropy_poll.c
@@ -38,9 +38,7 @@
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
 #endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls/platform.h"
-#endif
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
diff --git a/vendor/mbedtls/2.28.0/library/error.c b/vendor/mbedtls/library/error.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/error.c
rename to vendor/mbedtls/library/error.c
index afad38904f..8573369a32 100644
--- a/vendor/mbedtls/2.28.0/library/error.c
+++ b/vendor/mbedtls/library/error.c
@@ -25,11 +25,7 @@
 #if defined(MBEDTLS_ERROR_C)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#endif
 #include
 #include
@@ -961,7 +957,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 #else /* MBEDTLS_ERROR_C */
 /*
- * Provide an non-function in case MBEDTLS_ERROR_C is not defined
+ * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
 */
 void mbedtls_strerror( int ret, char *buf, size_t buflen )
 {
diff --git a/vendor/mbedtls/2.28.0/library/gcm.c b/vendor/mbedtls/library/gcm.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/gcm.c
rename to vendor/mbedtls/library/gcm.c
index 43a5e1bec6..d0b73379a6 100644
--- a/vendor/mbedtls/2.28.0/library/gcm.c
+++ b/vendor/mbedtls/library/gcm.c
@@ -32,6 +32,7 @@
 #if defined(MBEDTLS_GCM_C)
 #include "mbedtls/gcm.h"
+#include "mbedtls/platform.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
@@ -41,15 +42,6 @@
 #include "mbedtls/aesni.h"
 #endif
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_PLATFORM_C)
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 #if !defined(MBEDTLS_GCM_ALT)
 /* Parameter validation macros */
diff --git a/vendor/mbedtls/2.28.0/library/havege.c b/vendor/mbedtls/library/havege.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/havege.c
rename to vendor/mbedtls/library/havege.c
diff --git a/vendor/mbedtls/2.28.0/library/hkdf.c b/vendor/mbedtls/library/hkdf.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/hkdf.c
rename to vendor/mbedtls/library/hkdf.c
diff --git a/vendor/mbedtls/2.28.0/library/hmac_drbg.c b/vendor/mbedtls/library/hmac_drbg.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/hmac_drbg.c
rename to vendor/mbedtls/library/hmac_drbg.c
index de9706885c..69272fa73d 100644
--- a/vendor/mbedtls/2.28.0/library/hmac_drbg.c
+++ b/vendor/mbedtls/library/hmac_drbg.c
@@ -37,14 +37,7 @@
 #include
 #endif
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_SELF_TEST */
-#endif /* MBEDTLS_PLATFORM_C */
 /*
 * HMAC_DRBG context initialization
diff --git a/vendor/mbedtls/2.28.0/library/md.c b/vendor/mbedtls/library/md.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/md.c
rename to vendor/mbedtls/library/md.c
index a10a835634..53a84b01c6 100644
--- a/vendor/mbedtls/2.28.0/library/md.c
+++ b/vendor/mbedtls/library/md.c
@@ -38,13 +38,7 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #include
diff --git a/vendor/mbedtls/2.28.0/library/md2.c b/vendor/mbedtls/library/md2.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/md2.c
rename to vendor/mbedtls/library/md2.c
index 7264e30313..f8293a1df3 100644
--- a/vendor/mbedtls/2.28.0/library/md2.c
+++ b/vendor/mbedtls/library/md2.c
@@ -33,14 +33,7 @@
 #include
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 #if !defined(MBEDTLS_MD2_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/md4.c b/vendor/mbedtls/library/md4.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/md4.c
rename to vendor/mbedtls/library/md4.c
index eaa679a0a6..a412213480 100644
--- a/vendor/mbedtls/2.28.0/library/md4.c
+++ b/vendor/mbedtls/library/md4.c
@@ -33,14 +33,7 @@
 #include
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 #if !defined(MBEDTLS_MD4_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/md5.c b/vendor/mbedtls/library/md5.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/md5.c
rename to vendor/mbedtls/library/md5.c
index 4b53fcf367..e53bfe6306 100644
--- a/vendor/mbedtls/2.28.0/library/md5.c
+++ b/vendor/mbedtls/library/md5.c
@@ -32,14 +32,7 @@
 #include
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
 #if !defined(MBEDTLS_MD5_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/memory_buffer_alloc.c b/vendor/mbedtls/library/memory_buffer_alloc.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/memory_buffer_alloc.c
rename to vendor/mbedtls/library/memory_buffer_alloc.c
index 0d5d27d3de..cc62324bdc 100644
--- a/vendor/mbedtls/2.28.0/library/memory_buffer_alloc.c
+++ b/vendor/mbedtls/library/memory_buffer_alloc.c
@@ -555,8 +555,8 @@ static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
 static void buffer_alloc_free_mutexed( void *ptr )
 {
- /* We have to good option here, but corrupting the heap seems
- * worse than loosing memory. */
+ /* We have no good option here, but corrupting the heap seems
+ * worse than losing memory. */
 if( mbedtls_mutex_lock( &heap.mutex ) )
 return;
 buffer_alloc_free( ptr );
diff --git a/vendor/mbedtls/2.28.0/library/mps_common.h b/vendor/mbedtls/library/mps_common.h
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/mps_common.h
rename to vendor/mbedtls/library/mps_common.h
index d20776f159..668876ccfc 100644
--- a/vendor/mbedtls/2.28.0/library/mps_common.h
+++ b/vendor/mbedtls/library/mps_common.h
@@ -51,7 +51,7 @@
 * the function's behavior is entirely undefined.
 * In addition to state integrity, all MPS structures have a more refined
 * notion of abstract state that the API operates on. For example, all layers
- * have a notion of 'abtract read state' which indicates if incoming data has
+ * have a notion of 'abstract read state' which indicates if incoming data has
 * been passed to the user, e.g. through mps_l2_read_start() for Layer 2
 * or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
 * call these reading functions again until the incoming data has been
diff --git a/vendor/mbedtls/2.28.0/library/mps_error.h b/vendor/mbedtls/library/mps_error.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/mps_error.h
rename to vendor/mbedtls/library/mps_error.h
diff --git a/vendor/mbedtls/2.28.0/library/mps_reader.c b/vendor/mbedtls/library/mps_reader.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/mps_reader.c
rename to vendor/mbedtls/library/mps_reader.c
index 9af5073cc9..0c30a75d05 100644
--- a/vendor/mbedtls/2.28.0/library/mps_reader.c
+++ b/vendor/mbedtls/library/mps_reader.c
@@ -29,11 +29,6 @@
 #include
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
 #if defined(MBEDTLS_MPS_ENABLE_TRACE)
 static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
 #endif /* MBEDTLS_MPS_ENABLE_TRACE */
@@ -535,7 +530,7 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
 * of the accumulator. */
 memmove( acc, acc + acc_backup_offset, acc_backup_len );
- /* Copy uncmmitted parts of the current fragment to the
+ /* Copy uncommitted parts of the current fragment to the
 * accumulator. */
 memcpy( acc + acc_backup_len, frag + frag_backup_offset, frag_backup_len );
diff --git a/vendor/mbedtls/2.28.0/library/mps_reader.h b/vendor/mbedtls/library/mps_reader.h
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/mps_reader.h
rename to vendor/mbedtls/library/mps_reader.h
diff --git a/vendor/mbedtls/2.28.0/library/mps_trace.c b/vendor/mbedtls/library/mps_trace.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/mps_trace.c
rename to vendor/mbedtls/library/mps_trace.c
diff --git a/vendor/mbedtls/2.28.0/library/mps_trace.h b/vendor/mbedtls/library/mps_trace.h
similarity index 97%
rename from vendor/mbedtls/2.28.0/library/mps_trace.h
rename to vendor/mbedtls/library/mps_trace.h
index 7c2360118a..820a1b66c2 100644
--- a/vendor/mbedtls/2.28.0/library/mps_trace.h
+++ b/vendor/mbedtls/library/mps_trace.h
@@ -30,13 +30,7 @@
 #include "mps_common.h"
 #include "mps_trace.h"
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#define mbedtls_vsnprintf vsnprintf
-#endif /* MBEDTLS_PLATFORM_C */
 #if defined(MBEDTLS_MPS_ENABLE_TRACE)
diff --git a/vendor/mbedtls/2.28.0/library/net_sockets.c b/vendor/mbedtls/library/net_sockets.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/net_sockets.c
rename to vendor/mbedtls/library/net_sockets.c
index 5fbe1f764a..b2cab503f2 100644
--- a/vendor/mbedtls/2.28.0/library/net_sockets.c
+++ b/vendor/mbedtls/library/net_sockets.c
@@ -37,11 +37,7 @@
 #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#endif
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/error.h"
@@ -107,7 +103,9 @@ static int wsa_init_done = 0;
 #include
+#if defined(MBEDTLS_HAVE_TIME)
 #include
+#endif
 #include
diff --git a/vendor/mbedtls/2.28.0/library/nist_kw.c b/vendor/mbedtls/library/nist_kw.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/nist_kw.c
rename to vendor/mbedtls/library/nist_kw.c
index 1aea0b6345..495c23d06a 100644
--- a/vendor/mbedtls/2.28.0/library/nist_kw.c
+++ b/vendor/mbedtls/library/nist_kw.c
@@ -39,14 +39,7 @@
 #include
 #include
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 #if !defined(MBEDTLS_NIST_KW_ALT)
diff --git a/vendor/mbedtls/2.28.0/library/oid.c b/vendor/mbedtls/library/oid.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/oid.c
rename to vendor/mbedtls/library/oid.c
index 19c8ac207c..53e5350eb3 100644
--- a/vendor/mbedtls/2.28.0/library/oid.c
+++ b/vendor/mbedtls/library/oid.c
@@ -30,11 +30,7 @@
 #include
 #include
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#endif
 /*
 * Macro to automatically add the size of #define'd OIDs
diff --git a/vendor/mbedtls/2.28.0/library/padlock.c b/vendor/mbedtls/library/padlock.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/padlock.c
rename to vendor/mbedtls/library/padlock.c
diff --git a/vendor/mbedtls/2.28.0/library/pem.c b/vendor/mbedtls/library/pem.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/pem.c
rename to vendor/mbedtls/library/pem.c
index fcfde94799..cb1c82b3e4 100644
--- a/vendor/mbedtls/2.28.0/library/pem.c
+++ b/vendor/mbedtls/library/pem.c
@@ -32,13 +32,7 @@
 #include
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #if defined(MBEDTLS_PEM_PARSE_C)
 void mbedtls_pem_init( mbedtls_pem_context *ctx )
diff --git a/vendor/mbedtls/2.28.0/library/pk.c b/vendor/mbedtls/library/pk.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/pk.c
rename to vendor/mbedtls/library/pk.c
diff --git a/vendor/mbedtls/2.28.0/library/pk_wrap.c b/vendor/mbedtls/library/pk_wrap.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/pk_wrap.c
rename to vendor/mbedtls/library/pk_wrap.c
index 107e912ace..f35abf21a4 100644
--- a/vendor/mbedtls/2.28.0/library/pk_wrap.c
+++ b/vendor/mbedtls/library/pk_wrap.c
@@ -50,13 +50,7 @@
 #include "mbedtls/asn1.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #include
 #include
@@ -872,7 +866,7 @@ static void *pk_opaque_alloc_wrap( void )
 {
 void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
- /* no _init() function to call, an calloc() already zeroized */
+ /* no _init() function to call, as calloc() already zeroized */
 return( ctx );
 }
diff --git a/vendor/mbedtls/2.28.0/library/pkcs11.c b/vendor/mbedtls/library/pkcs11.c
similarity index 97%
rename from vendor/mbedtls/2.28.0/library/pkcs11.c
rename to vendor/mbedtls/library/pkcs11.c
index 4deccf3f60..a7207cfc93 100644
--- a/vendor/mbedtls/2.28.0/library/pkcs11.c
+++ b/vendor/mbedtls/library/pkcs11.c
@@ -29,13 +29,7 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/x509_crt.h"
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 #include
diff --git a/vendor/mbedtls/2.28.0/library/pkcs12.c b/vendor/mbedtls/library/pkcs12.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/pkcs12.c
rename to vendor/mbedtls/library/pkcs12.c
diff --git a/vendor/mbedtls/2.28.0/library/pkcs5.c b/vendor/mbedtls/library/pkcs5.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/pkcs5.c
rename to vendor/mbedtls/library/pkcs5.c
index 2b014d91c8..f9d01371a7 100644
--- a/vendor/mbedtls/2.28.0/library/pkcs5.c
+++ b/vendor/mbedtls/library/pkcs5.c
@@ -42,12 +42,7 @@
 #include
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_printf printf
-#endif
 #if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
diff --git a/vendor/mbedtls/2.28.0/library/pkparse.c b/vendor/mbedtls/library/pkparse.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/pkparse.c
rename to vendor/mbedtls/library/pkparse.c
index 535ed70eb1..6170d6d012 100644
--- a/vendor/mbedtls/2.28.0/library/pkparse.c
+++ b/vendor/mbedtls/library/pkparse.c
@@ -48,13 +48,7 @@
 #include "mbedtls/pkcs12.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 /* Parameter validation macros based on platform_util.h */
 #define PK_VALIDATE_RET( cond ) \
@@ -474,7 +468,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g
 }
 /*
- * grp may already be initilialized; if so, make sure IDs match
+ * grp may already be initialized; if so, make sure IDs match
 */
 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
@@ -807,7 +801,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
 goto cleanup;
 #else
- /* Verify existance of the CRT params */
+ /* Verify existence of the CRT params */
 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
 ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
 ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
@@ -1463,10 +1457,16 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 {
 p = pem.buf;
 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+ {
+ mbedtls_pem_free( &pem );
 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ }
 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+ {
+ mbedtls_pem_free( &pem );
 return( ret );
+ }
 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
 mbedtls_pk_free( ctx );
diff --git a/vendor/mbedtls/2.28.0/library/pkwrite.c b/vendor/mbedtls/library/pkwrite.c
similarity index 99%
rename from vendor/mbedtls/2.28.0/library/pkwrite.c
rename to vendor/mbedtls/library/pkwrite.c
index 566153dd93..c1ce0e3f02 100644
--- a/vendor/mbedtls/2.28.0/library/pkwrite.c
+++ b/vendor/mbedtls/library/pkwrite.c
@@ -48,13 +48,7 @@
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
 #endif
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
 /* Parameter validation macros based on platform_util.h */
 #define PK_VALIDATE_RET( cond ) \
diff --git a/vendor/mbedtls/2.28.0/library/platform.c b/vendor/mbedtls/library/platform.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/platform.c
rename to vendor/mbedtls/library/platform.c
diff --git a/vendor/mbedtls/2.28.0/library/platform_util.c b/vendor/mbedtls/library/platform_util.c
similarity index 100%
rename from vendor/mbedtls/2.28.0/library/platform_util.c
rename to vendor/mbedtls/library/platform_util.c
diff --git a/vendor/mbedtls/2.28.0/library/poly1305.c b/vendor/mbedtls/library/poly1305.c
similarity index 98%
rename from vendor/mbedtls/2.28.0/library/poly1305.c
rename to vendor/mbedtls/library/poly1305.c
index 7375a0c572..a1c5b19d8e 100644
--- a/vendor/mbedtls/2.28.0/library/poly1305.c
+++ b/vendor/mbedtls/library/poly1305.c
@@ -28,22 +28,10 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_POLY1305_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define POLY1305_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto.c b/vendor/mbedtls/library/psa_crypto.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/psa_crypto.c rename to vendor/mbedtls/library/psa_crypto.c index e6dab33c77..f129733ce1 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto.c +++ b/vendor/mbedtls/library/psa_crypto.c @@ -51,10 +51,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/aes.h" #include "mbedtls/arc4.h" @@ -987,7 +983,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( goto error; } - /* Enforce that the usage policy permits the requested algortihm. */ + /* Enforce that the usage policy permits the requested algorithm. */ if( alg != 0 ) { status = psa_key_policy_permits( &slot->attr.policy, 
@@ -2371,6 +2367,20 @@ static psa_status_t psa_mac_finalize_alg_and_key_validation( return( PSA_ERROR_INVALID_ARGUMENT ); } + if( *mac_size > PSA_MAC_MAX_SIZE ) + { + /* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm + * that is disabled in the compile-time configuration. The result can + * therefore be larger than PSA_MAC_MAX_SIZE, which does take the + * configuration into account. In this case, force a return of + * PSA_ERROR_NOT_SUPPORTED here. Otherwise psa_mac_verify(), or + * psa_mac_compute(mac_size=PSA_MAC_MAX_SIZE), would return + * PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size + * is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks + * systematically generated tests. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( PSA_SUCCESS ); } @@ -3345,6 +3355,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_set = 0; if( alg == PSA_ALG_ECB_NO_PADDING ) operation->iv_required = 0; + else if( slot->attr.type == PSA_KEY_TYPE_ARC4 ) + operation->iv_required = 0; else operation->iv_required = 1; operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); @@ -3626,8 +3638,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, status = psa_driver_wrapper_cipher_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, local_iv, default_iv_length, input, input_length, - output + default_iv_length, output_size - default_iv_length, - output_length ); + mbedtls_buffer_offset( output, default_iv_length ), + output_size - default_iv_length, output_length ); exit: unlock_status = psa_unlock_key_slot( slot ); 
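Review bot: The new `else if( slot->attr.type == PSA_KEY_TYPE_ARC4 ) operation->iv_required = 0;` in psa_cipher_setup keys the no-IV decision on the key type rather than the algorithm and carries no comment saying why; as far as I can tell from the cipher-info mapping later in this diff, ARC4 and ChaCha20 keys both run under PSA_ALG_STREAM_CIPHER, so the algorithm alone cannot distinguish them. A one-line comment would save the next reader the detour, e.g. `/* ARC4 is a stream cipher without an IV; ChaCha20 (also PSA_ALG_STREAM_CIPHER) still needs its nonce. */`. The body of psa_cipher_setup continues outside the hunk.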
@@ -4353,50 +4365,75 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /****************************************************************/ #if defined(AT_LEAST_ONE_BUILTIN_KDF) -static psa_status_t psa_key_derivation_setup_kdf( - psa_key_derivation_operation_t *operation, - psa_algorithm_t kdf_alg ) +static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) { - int is_kdf_alg_supported; - - /* Make sure that operation->ctx is properly zero-initialised. (Macro - * initialisers for this union leave some bytes unspecified.) */ - memset( &operation->ctx, 0, sizeof( operation->ctx ) ); - - /* Make sure that kdf_alg is a supported key derivation algorithm. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) - is_kdf_alg_supported = 1; - else + return( 1 ); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) - is_kdf_alg_supported = 1; - else + return( 1 ); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - is_kdf_alg_supported = 1; - else + return( 1 ); #endif - is_kdf_alg_supported = 0; + return( 0 ); +} + +static psa_status_t psa_hash_try_support( psa_algorithm_t alg ) +{ + psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; + psa_status_t status = psa_hash_setup( &operation, alg ); + psa_hash_abort( &operation ); + return( status ); +} - if( is_kdf_alg_supported ) +static psa_status_t psa_key_derivation_setup_kdf( + psa_key_derivation_operation_t *operation, + psa_algorithm_t kdf_alg ) +{ + /* Make sure that operation->ctx is properly zero-initialised. (Macro + * initialisers for this union leave some bytes unspecified.) */ + memset( &operation->ctx, 0, sizeof( operation->ctx ) ); + + /* Make sure that kdf_alg is a supported key derivation algorithm. */ + if( ! 
is_kdf_alg_supported( kdf_alg ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + /* All currently supported key derivation algorithms are based on a + * hash algorithm. */ + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + size_t hash_size = PSA_HASH_LENGTH( hash_alg ); + if( hash_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + psa_status_t status = psa_hash_try_support( hash_alg ); + if( status != PSA_SUCCESS ) + return( status ); + + if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && + ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - if( hash_size == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && - ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) ) - { - return( PSA_ERROR_NOT_SUPPORTED ); - } - operation->capacity = 255 * hash_size; - return( PSA_SUCCESS ); + return( PSA_ERROR_NOT_SUPPORTED ); } + operation->capacity = 255 * hash_size; + return( PSA_SUCCESS ); +} + +static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg ) +{ +#if defined(PSA_WANT_ALG_ECDH) + if( alg == PSA_ALG_ECDH ) + return( PSA_SUCCESS ); +#endif + (void) alg; return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ 
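Review bot: The three new static helpers in this hunk — `is_kdf_alg_supported`, `psa_hash_try_support` and `psa_key_agreement_try_support` — have no header comment, although each encodes a support-probing policy that psa_key_derivation_setup_kdf and, later in the diff, psa_key_derivation_setup depend on. I would add one line above each, e.g. `/* Return 1 iff kdf_alg is a key derivation algorithm built into this library. */`, `/* Probe hash support by setting up and immediately aborting an operation; returns the setup status. */` and `/* Return PSA_SUCCESS iff alg is a raw key agreement this library can perform. */`. Note also that `psa_hash_try_support` forwards whatever `psa_hash_setup` returns, so its callers can see statuses other than PSA_ERROR_NOT_SUPPORTED (a memory failure, for instance); that is reasonable, but worth stating in the comment.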
@@ -4415,6 +4452,10 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation { #if defined(AT_LEAST_ONE_BUILTIN_KDF) psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ); + status = psa_key_agreement_try_support( ka_alg ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_key_derivation_setup_kdf( operation, kdf_alg ); #else return( PSA_ERROR_NOT_SUPPORTED ); @@ -4974,6 +5015,22 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, if( status != PSA_SUCCESS ) goto exit; + /* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is in general an upper bound + * for the output size. The PSA specification only guarantees that this + * function works if output_size >= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(...), + * but it might be nice to allow smaller buffers if the output fits. + * At the time of writing this comment, with only ECDH implemented, + * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot. + * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily + * be exact for it as well. */ + size_t expected_length = + PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( slot->attr.type, slot->attr.bits ); + if( output_size < expected_length ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + status = psa_key_agreement_raw_internal( alg, slot, peer_key, peer_key_length, output, output_size, @@ -5076,7 +5133,7 @@ psa_status_t psa_generate_random( uint8_t *output, if( status != PSA_SUCCESS ) return( status ); /* Breaking up a request into smaller chunks is currently not supported - * for the extrernal RNG interface. */ + * for the external RNG interface. */ if( output_length != output_size ) return( PSA_ERROR_INSUFFICIENT_ENTROPY ); return( PSA_SUCCESS ); 
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_aead.c b/vendor/mbedtls/library/psa_crypto_aead.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_aead.c rename to vendor/mbedtls/library/psa_crypto_aead.c index 16a3711b98..2b07a6871e 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_aead.c +++ b/vendor/mbedtls/library/psa_crypto_aead.c @@ -24,6 +24,7 @@ #include "psa_crypto_aead.h" #include "psa_crypto_core.h" +#include "psa_crypto_cipher.h" #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_aead.h b/vendor/mbedtls/library/psa_crypto_aead.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_aead.h rename to vendor/mbedtls/library/psa_crypto_aead.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_cipher.c b/vendor/mbedtls/library/psa_crypto_cipher.c similarity index 91% rename from vendor/mbedtls/2.28.0/library/psa_crypto_cipher.c rename to vendor/mbedtls/library/psa_crypto_cipher.c index 1fb9172b76..13006fa4ae 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_cipher.c +++ b/vendor/mbedtls/library/psa_crypto_cipher.c @@ -22,7 +22,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) -#include +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "psa_crypto_random_impl.h" 
@@ -47,36 +47,56 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( { switch( alg ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) case PSA_ALG_STREAM_CIPHER: mode = MBEDTLS_MODE_STREAM; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) case PSA_ALG_CTR: mode = MBEDTLS_MODE_CTR; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) case PSA_ALG_CFB: mode = MBEDTLS_MODE_CFB; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) case PSA_ALG_OFB: mode = MBEDTLS_MODE_OFB; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) case PSA_ALG_ECB_NO_PADDING: mode = MBEDTLS_MODE_ECB; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) case PSA_ALG_CBC_NO_PADDING: mode = MBEDTLS_MODE_CBC; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) case PSA_ALG_CBC_PKCS7: mode = MBEDTLS_MODE_CBC; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): mode = MBEDTLS_MODE_CCM; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): mode = MBEDTLS_MODE_GCM; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): mode = MBEDTLS_MODE_CHACHAPOLY; break; +#endif default: return( NULL ); } @@ -88,12 +108,17 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( switch( key_type ) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES) case PSA_KEY_TYPE_AES: cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA) case PSA_KEY_TYPE_ARIA: cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) case PSA_KEY_TYPE_DES: /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, * and 192 for three-key Triple-DES. */ 
@@ -107,15 +132,22 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( if( key_bits == 128 ) key_bits = 192; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA) case PSA_KEY_TYPE_CAMELLIA: cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4) case PSA_KEY_TYPE_ARC4: cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) case PSA_KEY_TYPE_CHACHA20: cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; break; +#endif default: return( NULL ); } @@ -239,6 +271,7 @@ psa_status_t mbedtls_psa_cipher_set_iv( iv, iv_length ) ) ); } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) /** Process input for which the algorithm is set to ECB mode. * * This requires manual processing, since the PSA API is defined as being @@ -342,6 +375,7 @@ static psa_status_t psa_cipher_update_ecb( exit: return( status ); } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */ psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, @@ -369,6 +403,7 @@ psa_status_t mbedtls_psa_cipher_update( if( output_size < expected_output_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) if( operation->alg == PSA_ALG_ECB_NO_PADDING ) { /* mbedtls_cipher_update has an API inconsistency: it will only @@ -381,6 +416,7 @@ psa_status_t mbedtls_psa_cipher_update( output_length ); } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */ { status = mbedtls_to_psa_error( mbedtls_cipher_update( &operation->ctx.cipher, input, 
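Review bot: In mbedtls_psa_cipher_update the `else` stays inside the `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)` region while the `{` after `#endif` is outside it, so with ECB compiled out the braces become a plain block instead of an else branch. That compiles, but it is fragile: a statement inserted between `#endif` and `{` would silently change control flow in one configuration only. If the structure is kept, mark it so the reader sees the trick, e.g. `#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING; plain block when ECB is compiled out */`; otherwise move the guard so that `if`, `else` and both brace pairs live on the same side of it. The function body continues outside the hunk.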
@@ -478,9 +514,10 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_psa_cipher_finish( &operation, output + update_output_length, - output_size - update_output_length, - &finish_output_length ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, update_output_length ), + output_size - update_output_length, &finish_output_length ); if( status != PSA_SUCCESS ) goto exit; @@ -524,17 +561,20 @@ psa_status_t mbedtls_psa_cipher_decrypt( goto exit; } - status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length, - input_length - operation.iv_length, - output, output_size, &olength ); + status = mbedtls_psa_cipher_update( + &operation, + mbedtls_buffer_offset_const( input, operation.iv_length ), + input_length - operation.iv_length, + output, output_size, &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = olength; - status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, - &olength ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, accumulated_length ), + output_size - accumulated_length, &olength ); if( status != PSA_SUCCESS ) goto exit; diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_cipher.h b/vendor/mbedtls/library/psa_crypto_cipher.h similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_cipher.h rename to vendor/mbedtls/library/psa_crypto_cipher.h index fae98473c4..3bd5360cda 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_cipher.h +++ b/vendor/mbedtls/library/psa_crypto_cipher.h @@ -1,5 +1,5 @@ /* - * PSA cipher driver entry points + * PSA cipher driver entry points and associated auxiliary functions */ /* * Copyright The Mbed TLS Contributors 
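Review bot: In mbedtls_psa_cipher_decrypt the rewritten call still passes `input_length - operation.iv_length` as a size_t, and the hunk shows no check that `input_length >= operation.iv_length`; if that guard is not enforced earlier in the function (its start is outside the hunk), the subtraction wraps and `mbedtls_buffer_offset_const( input, operation.iv_length )` yields a pointer past the buffer. Worth confirming, and if the guard exists, a short comment at the call site such as `/* input_length >= operation.iv_length was checked above */` would make the invariant visible where it is relied upon. The switch to `mbedtls_buffer_offset`/`mbedtls_buffer_offset_const` here and in mbedtls_psa_cipher_encrypt looks right; presumably its purpose is to avoid raw pointer arithmetic on a buffer that may be NULL with a zero length.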
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_client.c b/vendor/mbedtls/library/psa_crypto_client.c similarity index 96% rename from vendor/mbedtls/2.28.0/library/psa_crypto_client.c rename to vendor/mbedtls/library/psa_crypto_client.c index 629feb7dfa..ab79086346 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_client.c +++ b/vendor/mbedtls/library/psa_crypto_client.c @@ -25,10 +25,6 @@ #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif void psa_reset_key_attributes( psa_key_attributes_t *attributes ) { diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_core.h b/vendor/mbedtls/library/psa_crypto_core.h similarity index 96% rename from vendor/mbedtls/2.28.0/library/psa_crypto_core.h rename to vendor/mbedtls/library/psa_crypto_core.h index 4420ec2569..0d8f71f9db 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_core.h +++ b/vendor/mbedtls/library/psa_crypto_core.h @@ -250,22 +250,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, */ psa_status_t mbedtls_to_psa_error( int ret ); -/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier - * as well as the PSA type and size of the key to be used with the cipher - * algorithm. - * - * \param alg PSA cipher algorithm identifier - * \param key_type PSA key type - * \param key_bits Size of the key in bits - * \param[out] cipher_id Mbed TLS cipher algorithm identifier - * - * \return The Mbed TLS cipher information of the cipher algorithm. - * \c NULL if the PSA cipher algorithm is not supported. - */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( - psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, - mbedtls_cipher_id_t *cipher_id ); - /** Import a key in binary format. * * \note The signature of this function is that of a PSA driver 
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_driver_wrappers.c b/vendor/mbedtls/library/psa_crypto_driver_wrappers.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_driver_wrappers.c rename to vendor/mbedtls/library/psa_crypto_driver_wrappers.c index 16166fc5a5..c455ecb939 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_driver_wrappers.c +++ b/vendor/mbedtls/library/psa_crypto_driver_wrappers.c @@ -854,6 +854,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( (void)key_buffer; (void)key_buffer_size; (void)alg; + (void)iv; + (void)iv_length; (void)input; (void)input_length; (void)output; diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_driver_wrappers.h b/vendor/mbedtls/library/psa_crypto_driver_wrappers.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_driver_wrappers.h rename to vendor/mbedtls/library/psa_crypto_driver_wrappers.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_ecp.c b/vendor/mbedtls/library/psa_crypto_ecp.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_ecp.c rename to vendor/mbedtls/library/psa_crypto_ecp.c index db6682c6dc..144d7fd244 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_ecp.c +++ b/vendor/mbedtls/library/psa_crypto_ecp.c @@ -31,10 +31,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include #include diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_ecp.h b/vendor/mbedtls/library/psa_crypto_ecp.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_ecp.h rename to vendor/mbedtls/library/psa_crypto_ecp.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_hash.c b/vendor/mbedtls/library/psa_crypto_hash.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_hash.c rename to vendor/mbedtls/library/psa_crypto_hash.c 
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_hash.h b/vendor/mbedtls/library/psa_crypto_hash.h similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_hash.h rename to vendor/mbedtls/library/psa_crypto_hash.h index 6b27c9b820..b99b94286d 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_hash.h +++ b/vendor/mbedtls/library/psa_crypto_hash.h @@ -175,7 +175,7 @@ psa_status_t mbedtls_psa_hash_update( * This function calculates the hash of the message formed by concatenating * the inputs passed to preceding calls to mbedtls_psa_hash_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_hash_abort(). * diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_invasive.h b/vendor/mbedtls/library/psa_crypto_invasive.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_invasive.h rename to vendor/mbedtls/library/psa_crypto_invasive.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_its.h b/vendor/mbedtls/library/psa_crypto_its.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_its.h rename to vendor/mbedtls/library/psa_crypto_its.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_mac.c b/vendor/mbedtls/library/psa_crypto_mac.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_mac.c rename to vendor/mbedtls/library/psa_crypto_mac.c index dcf065a672..d771e23e1b 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_mac.c +++ b/vendor/mbedtls/library/psa_crypto_mac.c @@ -24,6 +24,7 @@ #include #include "psa_crypto_core.h" +#include "psa_crypto_cipher.h" #include "psa_crypto_mac.h" #include 
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_mac.h b/vendor/mbedtls/library/psa_crypto_mac.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_mac.h rename to vendor/mbedtls/library/psa_crypto_mac.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_random_impl.h b/vendor/mbedtls/library/psa_crypto_random_impl.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_random_impl.h rename to vendor/mbedtls/library/psa_crypto_random_impl.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_rsa.c b/vendor/mbedtls/library/psa_crypto_rsa.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_rsa.c rename to vendor/mbedtls/library/psa_crypto_rsa.c index bafb55c7d4..d07cdcea15 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_rsa.c +++ b/vendor/mbedtls/library/psa_crypto_rsa.c @@ -31,10 +31,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include #include diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_rsa.h b/vendor/mbedtls/library/psa_crypto_rsa.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_rsa.h rename to vendor/mbedtls/library/psa_crypto_rsa.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_se.c b/vendor/mbedtls/library/psa_crypto_se.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_se.c rename to vendor/mbedtls/library/psa_crypto_se.c index 56678d6a90..87d2634e73 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_se.c +++ b/vendor/mbedtls/library/psa_crypto_se.c @@ -38,10 +38,6 @@ #endif #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif 
diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_se.h b/vendor/mbedtls/library/psa_crypto_se.h similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_se.h rename to vendor/mbedtls/library/psa_crypto_se.h index 710426168d..6d965ee10c 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_se.h +++ b/vendor/mbedtls/library/psa_crypto_se.h @@ -143,7 +143,7 @@ psa_status_t psa_find_se_slot_for_key( psa_se_drv_table_entry_t *driver, psa_key_slot_number_t *slot_number ); -/** Destoy a key in a secure element. +/** Destroy a key in a secure element. * * This function calls the relevant driver method to destroy a key * and updates the driver's persistent data. diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_slot_management.c b/vendor/mbedtls/library/psa_crypto_slot_management.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_slot_management.c rename to vendor/mbedtls/library/psa_crypto_slot_management.c index 6f69fc8838..3fba736401 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_slot_management.c +++ b/vendor/mbedtls/library/psa_crypto_slot_management.c @@ -34,12 +34,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_slot_management.h b/vendor/mbedtls/library/psa_crypto_slot_management.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_slot_management.h rename to vendor/mbedtls/library/psa_crypto_slot_management.h diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_storage.c b/vendor/mbedtls/library/psa_crypto_storage.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/psa_crypto_storage.c rename to vendor/mbedtls/library/psa_crypto_storage.c index b485c50c69..24bfdae127 100644 --- a/vendor/mbedtls/2.28.0/library/psa_crypto_storage.c 
+++ b/vendor/mbedtls/library/psa_crypto_storage.c @@ -36,13 +36,7 @@ #include "psa/internal_trusted_storage.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /****************************************************************/ /* Key storage */ @@ -347,6 +341,7 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, status = psa_crypto_storage_store( attr->id, storage_data, storage_data_length ); + mbedtls_platform_zeroize( storage_data, storage_data_length ); mbedtls_free( storage_data ); return( status ); @@ -392,6 +387,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, status = PSA_ERROR_STORAGE_FAILURE; exit: + mbedtls_platform_zeroize( loaded_data, storage_data_length ); mbedtls_free( loaded_data ); return( status ); } diff --git a/vendor/mbedtls/2.28.0/library/psa_crypto_storage.h b/vendor/mbedtls/library/psa_crypto_storage.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/psa_crypto_storage.h rename to vendor/mbedtls/library/psa_crypto_storage.h diff --git a/vendor/mbedtls/2.28.0/library/psa_its_file.c b/vendor/mbedtls/library/psa_its_file.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/psa_its_file.c rename to vendor/mbedtls/library/psa_its_file.c index c4782cdba3..ddd9fa977d 100644 --- a/vendor/mbedtls/2.28.0/library/psa_its_file.c +++ b/vendor/mbedtls/library/psa_its_file.c @@ -22,11 +22,7 @@ #if defined(MBEDTLS_PSA_ITS_FILE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_snprintf snprintf -#endif #if defined(_WIN32) #include 
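Review bot: The new `mbedtls_platform_zeroize( loaded_data, storage_data_length )` at the `exit:` label of psa_load_persistent_key runs on every path that reaches the label, while the earlier part of the function (outside this hunk) is what decides whether `loaded_data` is non-NULL there; if any path can jump to `exit` with a NULL buffer and a non-zero `storage_data_length`, the zeroize would operate on a null pointer. Worth confirming that allocation failure returns directly rather than via `exit`, or guard it as `if( loaded_data != NULL ) mbedtls_platform_zeroize( loaded_data, storage_data_length );`. Wiping the serialized key before `mbedtls_free` in both psa_save_persistent_key and psa_load_persistent_key is the right call, since the freed block otherwise keeps the key material until the allocator reuses it.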
@@ -184,6 +180,11 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, const void *p_data, psa_storage_create_flags_t create_flags ) { + if( uid == 0 ) + { + return( PSA_ERROR_INVALID_HANDLE ); + } + psa_status_t status = PSA_ERROR_STORAGE_FAILURE; char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; FILE *stream = NULL; diff --git a/vendor/mbedtls/2.28.0/library/ripemd160.c b/vendor/mbedtls/library/ripemd160.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/ripemd160.c rename to vendor/mbedtls/library/ripemd160.c index aed7322cff..55e259e192 100644 --- a/vendor/mbedtls/2.28.0/library/ripemd160.c +++ b/vendor/mbedtls/library/ripemd160.c @@ -33,14 +33,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_RIPEMD160_ALT) diff --git a/vendor/mbedtls/2.28.0/library/rsa.c b/vendor/mbedtls/library/rsa.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/rsa.c rename to vendor/mbedtls/library/rsa.c index 8a5d40ff1e..9c39fa5d91 100644 --- a/vendor/mbedtls/2.28.0/library/rsa.c +++ b/vendor/mbedtls/library/rsa.c @@ -57,14 +57,7 @@ #include #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if !defined(MBEDTLS_RSA_ALT) 
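Review bot: The new `if( uid == 0 ) return( PSA_ERROR_INVALID_HANDLE );` at the top of psa_its_set gives no reason for the rejection or for the choice of status, and the companion entry points (psa_its_get, psa_its_get_info, psa_its_remove) are not in this diff, so I cannot tell whether they apply the same rule. A comment such as `/* uid 0 is not a valid storage identifier; refuse it before building a filename for it. */` would document the intent, and the other psa_its_* entry points deserve a consistency check. The check also now precedes the declarations of `status`, `filename` and `stream`, which relies on C99 mixed declarations and statements; fine if the file already does that elsewhere.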
@@ -832,10 +825,10 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, * the more bits of the key can be recovered. See [3]. * * Collecting n collisions with m bit long blinding value requires 2^(m-m/n) - * observations on avarage. + * observations on average. * * For example with 28 byte blinding to achieve 2 collisions the adversary has - * to make 2^112 observations on avarage. + * to make 2^112 observations on average. * * (With the currently (as of 2017 April) known best algorithms breaking 2048 * bit RSA requires approximately as much time as trying out 2^112 random keys. diff --git a/vendor/mbedtls/2.28.0/library/rsa_internal.c b/vendor/mbedtls/library/rsa_internal.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/rsa_internal.c rename to vendor/mbedtls/library/rsa_internal.c diff --git a/vendor/mbedtls/2.28.0/library/sha1.c b/vendor/mbedtls/library/sha1.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/sha1.c rename to vendor/mbedtls/library/sha1.c index 0a5edafaff..7f0c8757db 100644 --- a/vendor/mbedtls/2.28.0/library/sha1.c +++ b/vendor/mbedtls/library/sha1.c @@ -32,14 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #define SHA1_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) diff --git a/vendor/mbedtls/2.28.0/library/sha256.c b/vendor/mbedtls/library/sha256.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/sha256.c rename to vendor/mbedtls/library/sha256.c index db675efd1b..6f1306ee66 100644 --- a/vendor/mbedtls/2.28.0/library/sha256.c +++ b/vendor/mbedtls/library/sha256.c 
@@ -32,17 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) diff --git a/vendor/mbedtls/2.28.0/library/sha512.c b/vendor/mbedtls/library/sha512.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/sha512.c rename to vendor/mbedtls/library/sha512.c index 02a135ca92..1a6872c8aa 100644 --- a/vendor/mbedtls/2.28.0/library/sha512.c +++ b/vendor/mbedtls/library/sha512.c @@ -38,17 +38,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #define SHA512_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) @@ -428,9 +418,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, sha512_put_uint64_be( ctx->state[4], output, 32 ); sha512_put_uint64_be( ctx->state[5], output, 40 ); + int truncated = 0; #if !defined(MBEDTLS_SHA512_NO_SHA384) - if( ctx->is384 == 0 ) + truncated = ctx->is384; #endif + if( !truncated ) { sha512_put_uint64_be( ctx->state[6], output, 48 ); sha512_put_uint64_be( ctx->state[7], output, 56 ); diff --git a/vendor/mbedtls/2.28.0/library/ssl_cache.c b/vendor/mbedtls/library/ssl_cache.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/ssl_cache.c rename to vendor/mbedtls/library/ssl_cache.c index 32188cf3f6..7a600cad18 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_cache.c +++ b/vendor/mbedtls/library/ssl_cache.c 
@@ -25,13 +25,7 @@ #if defined(MBEDTLS_SSL_CACHE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_internal.h" diff --git a/vendor/mbedtls/2.28.0/library/ssl_ciphersuites.c b/vendor/mbedtls/library/ssl_ciphersuites.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/ssl_ciphersuites.c rename to vendor/mbedtls/library/ssl_ciphersuites.c index 3826ad27fa..2bc8a9bba0 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_ciphersuites.c +++ b/vendor/mbedtls/library/ssl_ciphersuites.c @@ -23,11 +23,7 @@ #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#endif #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" @@ -2181,6 +2177,7 @@ const int *mbedtls_ssl_list_ciphersuites( void ) static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; +MBEDTLS_CHECK_RETURN_CRITICAL static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) { (void)cs_info; diff --git a/vendor/mbedtls/2.28.0/library/ssl_cli.c b/vendor/mbedtls/library/ssl_cli.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/ssl_cli.c rename to vendor/mbedtls/library/ssl_cli.c index b87879ce6a..b40ddb70b4 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_cli.c +++ b/vendor/mbedtls/library/ssl_cli.c @@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -53,6 +47,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) { if( conf->psk_identity == NULL || 
@@ -73,6 +68,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) { if( conf->psk_identity == NULL || @@ -91,6 +87,7 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -161,6 +158,7 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -170,7 +168,7 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, *olen = 0; - /* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the + /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) @@ -204,6 +202,7 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, 
@@ -302,6 +301,7 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -373,6 +373,7 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -404,6 +405,7 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -477,6 +479,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -523,6 +526,7 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -555,6 +559,7 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, 
@@ -585,6 +590,7 @@ static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -616,6 +622,7 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -647,6 +654,7 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -689,6 +697,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -748,6 +757,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, @@ -868,6 +878,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Generate random bytes for ClientHello */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_generate_random( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -917,6 +928,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * * \return 0 if valid, else 1 */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info, const mbedtls_ssl_context * ssl, @@ -960,6 +972,7 @@ static int ssl_validate_ciphersuite( return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -985,9 +998,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_NO_RNG ); } + int renegotiating = 0; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + renegotiating = 1; #endif + if( !renegotiating ) { ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; @@ -1073,9 +1089,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * RFC 5077 section 3.4: "When presenting a ticket, the client MAY * generate and include a Session ID in the TLS ClientHello." */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) -#endif + if( !renegotiating ) { if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) @@ -1190,9 +1204,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) -#endif + if( !renegotiating ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); @@ -1450,6 +1462,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) 
@@ -1494,6 +1507,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1520,6 +1534,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1545,6 +1560,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1601,6 +1617,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1627,6 +1644,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1653,6 +1671,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) 
@@ -1679,6 +1698,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1724,6 +1744,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1758,6 +1779,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { @@ -1828,6 +1850,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1948,6 +1971,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Parse HelloVerifyRequest. Only called after verifying the HS type. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) { const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); 
@@ -2031,6 +2055,31 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ +static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) +{ + int bad_comp = 0; + + /* Suppress warnings in some configurations */ + (void) ssl; +#if defined(MBEDTLS_ZLIB_SUPPORT) + /* See comments in ssl_write_client_hello() */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + comp != MBEDTLS_SSL_COMPRESS_NULL ) + bad_comp = 1; +#endif + + if( comp != MBEDTLS_SSL_COMPRESS_NULL && + comp != MBEDTLS_SSL_COMPRESS_DEFLATE ) + bad_comp = 1; +#else /* MBEDTLS_ZLIB_SUPPORT */ + if( comp != MBEDTLS_SSL_COMPRESS_NULL ) + bad_comp = 1; +#endif/* MBEDTLS_ZLIB_SUPPORT */ + return bad_comp; +} + +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) { int ret, i; @@ -2038,9 +2087,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) size_t ext_len; unsigned char *buf, *ext; unsigned char comp; -#if defined(MBEDTLS_ZLIB_SUPPORT) - int accept_comp; -#endif #if defined(MBEDTLS_SSL_RENEGOTIATION) int renegotiation_info_seen = 0; #endif @@ -2209,20 +2255,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) */ comp = buf[37 + n]; -#if defined(MBEDTLS_ZLIB_SUPPORT) - /* See comments in ssl_write_client_hello() */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - accept_comp = 0; - else -#endif - accept_comp = 1; - - if( comp != MBEDTLS_SSL_COMPRESS_NULL && - ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) -#else /* MBEDTLS_ZLIB_SUPPORT */ - if( comp != MBEDTLS_SSL_COMPRESS_NULL ) -#endif/* MBEDTLS_ZLIB_SUPPORT */ + if( is_compression_bad( ssl, comp ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); 
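Review bot: The new helper `is_compression_bad()` only reads through `ssl` (`ssl->conf->transport`), so its parameter should be `const mbedtls_ssl_context *ssl`, matching `ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )` elsewhere in this file, and it has no header comment stating its contract; suggested: `/* Return nonzero if the server's compression method is not acceptable: only NULL is accepted, plus DEFLATE over TLS (not DTLS) when MBEDTLS_ZLIB_SUPPORT is on. */`. Unlike the other `static int` functions this commit touches, it does not carry `MBEDTLS_CHECK_RETURN_CRITICAL`; that is presumably deliberate for a predicate whose only call site is an `if`, but a short comment would save the next reader the question. The `#endif/* MBEDTLS_ZLIB_SUPPORT */` is also missing the space the surrounding code uses between `#endif` and its comment.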
@@ -2276,16 +2309,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) else { ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( ret ); - } } MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", @@ -2537,6 +2560,24 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } + /* + * mbedtls_ssl_derive_keys() has to be called after the parsing of the + * extensions. It sets the transform data for the resumed session which in + * case of DTLS includes the server CID extracted from the CID extension. + */ + if( ssl->handshake->resume ) + { + if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + return( ret ); + } + } + /* * Renegotiation security checks */ @@ -2591,6 +2632,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) @@ -2637,6 +2679,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; 
@@ -2645,7 +2688,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) grp_id = ssl->handshake->ecdh_ctx.grp.id; #else grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif +#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); if( curve_info == NULL ) @@ -2658,11 +2701,12 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECP_C) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) + return( -1 ); #else if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || ssl->handshake->ecdh_ctx.grp.nbits > 521 ) -#endif return( -1 ); +#endif /* MBEDTLS_ECP_C */ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); @@ -2678,6 +2722,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) @@ -2703,6 +2748,10 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, tls_id <<= 8; tls_id |= *(*p)++; + /* Check it's a curve we offered */ + if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + /* Convert EC group to PSA key type. */ if( ( handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) @@ -2740,6 +2789,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) 
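Review bot: The new `mbedtls_ssl_check_curve_tls_id()` check in `ssl_parse_server_ecdh_params_psa()` returns `MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE` silently, whereas the other rejection paths in this file log at level 1 before returning; add `MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );` ahead of the return so a server answering with a curve the client never offered is visible in debug output. The function continues past the hunk; whether the caller sends an `illegal_parameter` alert for this return value, as the non-PSA path does via `ssl_check_server_ecdh_params()`, is not visible here and is worth confirming.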
@@ -2779,6 +2829,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) @@ -2809,8 +2860,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, } /* - * Note: we currently ignore the PKS identity hint, as we only allow one - * PSK to be provisionned on the client. This could be changed later if + * Note: we currently ignore the PSK identity hint, as we only allow one + * PSK to be provisioned on the client. This could be changed later if * someone needs that feature. */ *p += len; @@ -2825,6 +2876,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, /* * Generate a pre-master secret and encrypt it with the server's RSA key */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, size_t offset, size_t *olen, size_t pms_offset ) @@ -2912,6 +2964,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end, @@ -2978,6 +3031,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -2996,6 +3050,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* This is a public key, so it can't be opaque, so can_do() is a good + * enough check to ensure pk_ec() is safe to use below. */ if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); @@ -3029,6 +3085,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3147,7 +3204,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - } /* FALLTROUGH */ + } /* FALLTHROUGH */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ 
@@ -3397,23 +3454,23 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ssl->handshake->ecrs_enabled ) rs_ctx = &ssl->handshake->ecrs_ctx.pk; -#endif +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ if( ( ret = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) { -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) -#endif - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; -#endif + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); + return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + } +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( ret ); } @@ -3435,6 +3492,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) } #if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -3453,6 +3511,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -3624,6 +3683,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3663,6 +3723,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3718,7 +3779,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -3761,13 +3823,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) own_pubkey, sizeof( own_pubkey ), &own_pubkey_len ); if( status != PSA_SUCCESS ) + { + psa_destroy_key( handshake->ecdh_psa_privkey ); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey, own_pubkey_len, &own_pubkey_ecpoint, &own_pubkey_ecpoint_len ) != 0 ) { + psa_destroy_key( handshake->ecdh_psa_privkey ); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } 
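Review bot: Cleanup of `handshake->ecdh_psa_privkey` is now repeated verbatim on two early exits in this hunk and a third time on the success path in the next hunk (`destruction_status = psa_destroy_key( ... )`), and the three copies disagree: the early exits discard the `psa_destroy_key()` result, while the success path turns a failed destroy into `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`. The asymmetry is defensible because the function is already failing, but it deserves a comment on the early exits, e.g. `/* Already failing; a failed destroy cannot change the outcome. */`, or a single cleanup label so that a future exit cannot forget to release the key. `ssl_write_client_key_exchange()` starts and ends outside this hunk.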
@@ -3787,13 +3855,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->handshake->premaster, sizeof( ssl->handshake->premaster ), &ssl->handshake->pmslen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - status = psa_destroy_key( handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey ); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + + if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3918,7 +3985,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = ssl_write_encrypted_pms( ssl, header_len, @@ -3933,7 +4003,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* @@ -3970,7 +4043,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* 
@@ -4080,6 +4156,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -4105,6 +4182,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -4277,6 +4355,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/vendor/mbedtls/2.28.0/library/ssl_cookie.c b/vendor/mbedtls/library/ssl_cookie.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/ssl_cookie.c rename to vendor/mbedtls/library/ssl_cookie.c index abf29ae717..f12f28e849 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_cookie.c +++ b/vendor/mbedtls/library/ssl_cookie.c @@ -25,12 +25,7 @@ #if defined(MBEDTLS_SSL_COOKIE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" @@ -63,7 +58,7 @@ /* * Cookies are formed of a 4-bytes timestamp (or serial number) and - * an HMAC of timestemp and client ID. + * an HMAC of timestamp and client ID. */ #define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN ) 
@@ -122,6 +117,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, /* * Generate the HMAC part of a cookie */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, const unsigned char time[4], unsigned char **p, unsigned char *end, diff --git a/vendor/mbedtls/2.28.0/library/ssl_msg.c b/vendor/mbedtls/library/ssl_msg.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/ssl_msg.c rename to vendor/mbedtls/library/ssl_msg.c index 0b696dd561..d7bebe04d6 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_msg.c +++ b/vendor/mbedtls/library/ssl_msg.c @@ -30,13 +30,7 @@ #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -91,6 +85,7 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_RECORD_CHECKING) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t len, @@ -165,11 +160,16 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, uint8_t slot ); static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, mbedtls_record const *rec ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) 
@@ -187,6 +187,7 @@ static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) return( out_buf_len ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) { size_t const bytes_written = ssl->out_left; @@ -203,6 +204,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) return( (int) ( mtu - bytes_written ) ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -254,6 +256,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) { uint32_t new_timeout; @@ -353,6 +356,7 @@ static size_t ssl_compute_padding_length( size_t len, * - A negative error code if `max_len` didn't offer enough space * for the expansion. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_build_inner_plaintext( unsigned char *content, size_t *content_size, size_t remaining, @@ -380,6 +384,7 @@ static int ssl_build_inner_plaintext( unsigned char *content, /* This function parses a (D)TLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for details. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_inner_plaintext( unsigned char const *content, size_t *content_size, uint8_t *rec_type ) 
@@ -430,9 +435,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, unsigned char *cur = add_data; + int is_tls13 = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + is_tls13 = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( !is_tls13 ) { ((void) minor_ver); memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); @@ -474,6 +482,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, /* * SSLv3.0 MAC functions */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_mac( mbedtls_md_context_t *md_ctx, const unsigned char *secret, const unsigned char *buf, size_t len, @@ -541,6 +550,7 @@ static int ssl_mac( mbedtls_md_context_t *md_ctx, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_transform_aead_dynamic_iv_is_explicit( mbedtls_ssl_transform const *transform ) { @@ -1245,7 +1255,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, add_data, add_data_len ); /* Because of the check above, we know that there are - * explicit_iv_len Bytes preceeding data, and taglen + * explicit_iv_len Bytes preceding data, and taglen * bytes following data + data_len. This justifies * the debug message and the invocation of * mbedtls_cipher_auth_decrypt() below. */ @@ -1590,8 +1600,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) if( auth_done == 0 ) { - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; - unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD]; + unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 }; + unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 }; /* If the initial value of padlen was such that * data_len < maclen + padlen + 1, then padlen 
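Review bot: The `= { 0 }` initialisers on `mac_expect` and `mac_peer` in `mbedtls_ssl_decrypt_buf()` are a real hardening change but carry no explanation; the context comment below hints that `padlen` can make `data_len < maclen + padlen + 1`, which is presumably the case in which the MAC is not computed and the comparison would otherwise operate on indeterminate bytes. Suggested comment above the two declarations: `/* Zero-initialised: on the short-record path below the MAC may not be computed, and the comparison must never read indeterminate bytes. */`. `mbedtls_ssl_decrypt_buf()` starts and ends outside the hunk.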
@@ -1738,6 +1748,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Compression/decompression functions */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_compress_buf( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1790,6 +1801,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1872,8 +1884,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2088,8 +2099,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ssl->f_send == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2149,6 +2159,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) /* * Append current handshake message to current outgoing flight */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_flight_append( mbedtls_ssl_context *ssl ) { mbedtls_ssl_flight_item *msg; @@ -2215,6 +2226,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) /* * Swap transform_out and out_ctr with the alternative ones */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) { mbedtls_ssl_transform *tmp_transform; 
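Review bot: The corrected debug strings in `mbedtls_ssl_fetch_input()` and `mbedtls_ssl_flush_output()` keep the trailing space that only existed for the old string concatenation, so the log line now ends in `mbedtls_ssl_set_bio() `; drop it in both hunks: `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio()" ) );`. Both enclosing functions start and end outside these hunks.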
@@ -2857,6 +2869,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #if defined(MBEDTLS_SSL_PROTO_DTLS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < ssl->in_hslen || @@ -2882,6 +2895,7 @@ static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) ssl->in_msg[8] ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) { uint32_t msg_len, frag_off, frag_len; @@ -2948,6 +2962,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) /* * Check that bitmask is full */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_bitmask_check( unsigned char *mask, size_t len ) { size_t i; @@ -3147,6 +3162,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) ( (uint64_t) buf[5] ) ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3229,8 +3245,8 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) /* - * Without any SSL context, check if a datagram looks like a ClientHello with - * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. + * Check if a datagram looks like a ClientHello with a valid cookie, + * and if it doesn't, generate a HelloVerifyRequest message. * Both input and output include full DTLS headers. * * - if cookie is valid, return 0 
@@ -3239,10 +3255,10 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED * - otherwise return a specific error code */ -static int ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie, +MBEDTLS_CHECK_RETURN_CRITICAL +MBEDTLS_STATIC_TESTABLE +int mbedtls_ssl_check_dtls_clihlo_cookie( + mbedtls_ssl_context *ssl, const unsigned char *cli_id, size_t cli_id_len, const unsigned char *in, size_t in_len, unsigned char *obuf, size_t buf_len, size_t *olen ) 
@@ -3276,26 +3292,53 @@ static int ssl_check_dtls_clihlo_cookie( * * Minimum length is 61 bytes. */ - if( in_len < 61 || - in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u", + (unsigned) in_len ) ); + MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len ); + if( in_len < 61 ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || in[3] != 0 || in[4] != 0 || in[19] != 0 || in[20] != 0 || in[21] != 0 ) { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u", + in[0], + (unsigned) in[3] << 8 | in[4], + (unsigned) in[19] << 16 | in[20] << 8 | in[21] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } sid_len = in[59]; - if( sid_len > in_len - 61 ) + if( 59 + 1 + sid_len + 1 > in_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u", + (unsigned) sid_len, + (unsigned) in_len - 61 ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network", + in + 60, sid_len ); cookie_len = in[60 + sid_len]; - if( cookie_len > in_len - 60 ) + if( 59 + 1 + sid_len + 1 + cookie_len > in_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u", + (unsigned) cookie_len, + (unsigned) ( in_len - sid_len - 61 ) ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } - if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, - cli_id, cli_id_len ) == 0 ) + MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network", + in + sid_len + 61, cookie_len ); + if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, + in + sid_len + 61, cookie_len, + cli_id, cli_id_len ) == 0 ) { - /* Valid cookie */ + MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) ); return( 0 ); } 
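Review bot: mbedtls_ssl_check_dtls_clihlo_cookie now dereferences `ssl->conf->f_cookie_check` directly (and `ssl->conf->f_cookie_write` in the following hunk), but nothing in this hunk guards either callback against NULL; the only guard appears to be the early `return( 0 );` in ssl_handle_possible_reconnect, which is outside this hunk. Since the function is made externally linkable via MBEDTLS_STATIC_TESTABLE, a test driver can reach it with an unconfigured cookie callback, so either add `if( ssl->conf->f_cookie_check == NULL || ssl->conf->f_cookie_write == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` before the first use, or state the precondition in the function's header comment. The reworked bounds checks look right: `59 + 1 + sid_len + 1 > in_len` rejects the record before `in[60 + sid_len]` is read, and the cookie check keeps `in + sid_len + 61 + cookie_len` within `in_len`, which the old `cookie_len > in_len - 60` did not. The function body continues past the end of this hunk.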
@@ -3330,8 +3373,9 @@ static int ssl_check_dtls_clihlo_cookie( /* Generate and write actual cookie */ p = obuf + 28; - if( f_cookie_write( p_cookie, - &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) + if( ssl->conf->f_cookie_write( ssl->conf->p_cookie, + &p, obuf + buf_len, + cli_id, cli_id_len ) != 0 ) { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -3370,6 +3414,7 @@ static int ssl_check_dtls_clihlo_cookie( * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected * errors, and is the right thing to do in both cases). */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3385,15 +3430,13 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) return( 0 ); } - ret = ssl_check_dtls_clihlo_cookie( - ssl->conf->f_cookie_write, - ssl->conf->f_cookie_check, - ssl->conf->p_cookie, + ret = mbedtls_ssl_check_dtls_clihlo_cookie( + ssl, ssl->cli_id, ssl->cli_id_len, ssl->in_buf, ssl->in_left, ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); + MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret ); if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { @@ -3427,6 +3470,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_record_type( uint8_t record_type ) { if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && @@ -3459,6 +3503,7 @@ static int ssl_check_record_type( uint8_t record_type ) * Point 2 is needed when the peer is resending, and we have already received * the first record from a datagram but are still waiting for the others. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t len, 
@@ -3571,7 +3616,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, /* * Parse and validate record version */ - rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; mbedtls_ssl_read_version( &major_ver, &minor_ver, @@ -3580,16 +3624,19 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, if( major_ver != ssl->major_ver ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch: got %u, expected %u", + (unsigned) major_ver, + (unsigned) ssl->major_ver ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } if( minor_ver > ssl->conf->max_minor_ver ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch: got %u, expected max %u", + (unsigned) minor_ver, + (unsigned) ssl->conf->max_minor_ver ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - /* * Parse/Copy record sequence number. */ @@ -3692,6 +3739,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) { unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; @@ -3721,6 +3769,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) /* * If applicable, decrypt record content */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, mbedtls_record *rec ) { @@ -3854,7 +3903,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, /* Check actual (decrypted) record content length against * configured maximum. */ - if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) + if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); 
@@ -3872,8 +3921,11 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, */ /* Helper functions for mbedtls_ssl_read_record(). */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_next_record( mbedtls_ssl_context *ssl ); +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, @@ -3893,8 +3945,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ssl_record_is_in_progress( ssl ) == 0 ) { + int dtls_have_buffered = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) - int have_buffered = 0; /* We only check for buffered messages if the * current datagram is fully consumed. */ @@ -3902,11 +3954,11 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, ssl_next_record_is_in_datagram( ssl ) == 0 ) { if( ssl_load_buffered_message( ssl ) == 0 ) - have_buffered = 1; + dtls_have_buffered = 1; } - if( have_buffered == 0 ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ + if( dtls_have_buffered == 0 ) { ret = ssl_get_next_record( ssl ); if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) @@ -3961,6 +4013,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_DTLS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) { if( ssl->in_left > ssl->next_record_offset ) @@ -3969,6 +4022,7 @@ static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; 
@@ -3978,7 +4032,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( hs == NULL ) return( -1 ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) ); if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) @@ -4066,6 +4120,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) return( ret ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, size_t desired ) { @@ -4108,6 +4163,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, return( -1 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -4312,6 +4368,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) { /* @@ -4399,6 +4456,7 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen > 0 ) @@ -4425,6 +4483,7 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) } } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; @@ -4482,6 +4541,7 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, mbedtls_record const *rec ) { @@ -4540,6 +4600,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_DTLS */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -4918,6 +4979,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( ssl->out_left != 0 ) + return( mbedtls_ssl_flush_output( ssl ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); @@ -5287,6 +5351,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) /* * Check record counters and renegotiate if they're above the limit. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) { size_t ep_len = mbedtls_ssl_ep_len( ssl ); @@ -5637,6 +5702,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * Therefore, it is possible that the input message length is 0 and the * corresponding return code is 0 on success. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_real( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { @@ -5708,6 +5774,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, * remember whether we already did the split or not. */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_split( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { @@ -5790,9 +5857,6 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); - if( ssl->out_left != 0 ) - return( mbedtls_ssl_flush_output( ssl ) ); - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ( ret = mbedtls_ssl_send_alert_message( ssl, diff --git a/vendor/mbedtls/2.28.0/library/ssl_srv.c b/vendor/mbedtls/library/ssl_srv.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/ssl_srv.c rename to vendor/mbedtls/library/ssl_srv.c index 1a63173204..0563c0b590 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_srv.c +++ b/vendor/mbedtls/library/ssl_srv.c 
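Review bot: In mbedtls_ssl_send_alert_message the added `if( ssl->out_left != 0 ) return( mbedtls_ssl_flush_output( ssl ) );` returns 0 without writing the alert whenever the pending output is flushed completely in one call, so a caller that receives 0 cannot tell "alert sent" from "old data flushed, alert still pending". The same early return was removed from mbedtls_ssl_close_notify in the last hunk of this line, so the behaviour has moved rather than gone away, and every alert site now inherits it. If the intent is only to avoid clobbering the output buffer, fall through on success: `if( ssl->out_left != 0 && ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) return( ret );` (introducing a local `ret` if the function has none; its start is outside this hunk).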
@@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_SRV_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -78,6 +72,7 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -147,6 +142,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) { if( conf->f_psk != NULL ) @@ -167,6 +163,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { if( ssl->conf->f_psk != NULL ) @@ -188,6 +185,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -239,6 +237,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, * This needs to be done at a later stage. * */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) 
@@ -317,6 +316,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -383,6 +383,7 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -425,6 +426,7 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -454,6 +456,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -473,6 +476,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -545,6 +549,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) 
@@ -567,6 +572,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -592,6 +598,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -617,6 +624,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) @@ -691,6 +699,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { @@ -779,6 +788,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -907,6 +917,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Return 0 if the given key uses one of the acceptable curves, -1 otherwise */ #if defined(MBEDTLS_ECDSA_C) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_key_curve( mbedtls_pk_context *pk, const mbedtls_ecp_curve_info **curves ) { 
@@ -928,6 +939,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, * Try picking a certificate for this ciphersuite, * return 0 on success and -1 on failure. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_pick_cert( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t * ciphersuite_info ) { @@ -1032,6 +1044,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * Check if a given ciphersuite is suitable for use with our config/keys/etc * Sets ciphersuite_info only if the suite matches. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t **ciphersuite_info ) { @@ -1147,6 +1160,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) { int ret, got_common_suite; @@ -1410,6 +1424,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) /* This function doesn't alert on errors that happen early during ClientHello parsing because they might indicate that the client is not talking SSL/TLS at all and would not understand our alert. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) { int ret, got_common_suite; @@ -1439,6 +1454,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); + int renegotiating = 0; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) read_record_header: #endif 
@@ -1448,8 +1464,10 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) * ClientHello, which doesn't use the same record layer format. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + renegotiating = 1; #endif + if( !renegotiating ) { if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) { @@ -1462,9 +1480,12 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) buf = ssl->in_hdr; #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) + int is_dtls = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + is_dtls = 1; #endif + if( !is_dtls ) if( ( buf[0] & 0x80 ) != 0 ) return( ssl_parse_client_hello_v2( ssl ) ); #endif @@ -1583,7 +1604,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) * Handshake layer: * 0 . 0 handshake type * 1 . 3 handshake length - * 4 . 5 DTLS only: message seqence number + * 4 . 5 DTLS only: message sequence number * 6 . 8 DTLS only: fragment offset * 9 . 11 DTLS only: fragment length */ 
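Review bot: The new `if( !is_dtls )` in ssl_parse_client_hello is an unbraced guard wrapping a second unbraced `if( ( buf[0] & 0x80 ) != 0 )`, the dangling-if shape that lets a later edit attach to the wrong condition; collapse it into one braced test: `if( !is_dtls && ( buf[0] & 0x80 ) != 0 ) { return( ssl_parse_client_hello_v2( ssl ) ); }`. The `int renegotiating = 0;` and `int is_dtls = 0;` declarations after statements rely on C99 mixed declarations, which is fine for the project but differs from the top-of-block declarations the surrounding code uses. The enclosing function starts before this hunk.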
@@ -1604,11 +1625,19 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + if( buf[1] != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0", + (unsigned) buf[1] ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } /* We don't support fragmentation of ClientHello (yet?) */ - if( buf[1] != 0 || - msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) + if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u", + (unsigned) msg_len, + (unsigned) mbedtls_ssl_hs_hdr_len( ssl ), + (unsigned) ( buf[2] << 8 ) | buf[3] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } @@ -1649,6 +1678,11 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) * For now we don't support fragmentation, so make sure * fragment_offset == 0 and fragment_length == length */ + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "fragment_offset=%u fragment_length=%u length=%u", + (unsigned) ( ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8] ), + (unsigned) ( ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11] ), + (unsigned) ( ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3] ) ) ); if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 ) { 
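Review bot: In the new debug message `(unsigned) ( buf[2] << 8 ) | buf[3]` the cast binds only to the shifted byte and the `| buf[3]` is applied afterwards; the value printed is still correct because the `int` operand converts to `unsigned`, but it reads as if the whole length were cast. Parenthesize it like the `fragment_offset` message in the next hunk: `(unsigned) ( ( buf[2] << 8 ) | buf[3] )`. Splitting `buf[1] != 0` out into its own check with its own message is a clear improvement for diagnosing rejected ClientHellos.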
@@ -2354,12 +2388,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - *olen = 0; - return; - } + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; /* * RFC 7366: "If a server receives an encrypt-then-MAC request extension @@ -2371,6 +2401,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ssl->session_negotiate->ciphersuite ) ) == NULL || ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || cipher->mode != MBEDTLS_MODE_CBC ) + { + ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; + } + + if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) { *olen = 0; return; @@ -2685,6 +2720,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -2805,6 +2841,7 @@ static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl ) mbedtls_ssl_session_free( &session_tmp ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_HAVE_TIME) @@ -3035,6 +3072,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = 
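Review bot: ssl_write_encrypt_then_mac_ext now writes `ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED` in two places (this hunk and the following `@@ -2371,6 +2401,11` hunk), which turns a function named for writing an extension into one that also changes the negotiated session state; callers that set up the transform from `encrypt_then_mac` will only stay consistent if this function runs first, and nothing in the hunk says so. Add a comment at the first assignment, e.g. `/* Record that ETM is off so the transform setup agrees with what we send (or do not send) to the client. */`, and consider stating the ordering requirement in the function's header comment, which is outside this hunk.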
@@ -3053,6 +3091,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -3222,18 +3261,23 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_pk_context *own_key = mbedtls_ssl_own_key( ssl ); - if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) + /* Check if the key is a transparent ECDH key. + * This also ensures that it is safe to call mbedtls_pk_ec(). */ + if( mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY && + mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY_DH ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, - mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ), + mbedtls_pk_ec( *own_key ), MBEDTLS_ECDH_OURS ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); @@ -3247,6 +3291,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, size_t *signature_len ) { 
@@ -3274,6 +3319,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, /* Prepare the ServerKeyExchange message, up to and including * calculating the signature if any, but excluding formatting the * signature and sending the message. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t *signature_len ) { @@ -3643,6 +3689,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * that do not include a ServerKeyExchange message, do nothing. Either * way, if successful, move on to the next step in the SSL state * machine. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3664,7 +3711,12 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) ) { - ssl_get_ecdh_params_from_cert( ssl ); + ret = ssl_get_ecdh_params_from_cert( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); + return( ret ); + } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ @@ -3740,6 +3792,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3779,6 +3832,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end ) { 
@@ -3822,6 +3876,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, unsigned char *peer_pms, size_t *peer_pmslen, @@ -3839,6 +3894,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, const unsigned char *p, const unsigned char *end, @@ -3847,8 +3903,14 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, size_t peer_pmssize ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl ); + if( own_cert == NULL ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) ); + return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); + } + mbedtls_pk_context *public_key = &own_cert->pk; mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); - mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk; size_t len = mbedtls_pk_get_len( public_key ); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -3931,6 +3993,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, return( ret ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, const unsigned char *p, const unsigned char *end, @@ -4020,6 +4083,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end ) { 
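Review bot: The new NULL check in ssl_decrypt_encrypted_pms returns MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE for a missing server-side certificate, while the debug text on the same lines says "got no local certificate"; on the server that code reads as a client-authentication failure and will mislead anyone triaging it, so a configuration-type error such as MBEDTLS_ERR_SSL_BAD_INPUT_DATA or MBEDTLS_ERR_SSL_INTERNAL_ERROR would match the message. `mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );` on the next line receives no equivalent check, so a configuration with a certificate but no key is still unguarded here; the rest of the function is outside the hunk, so a later check may exist. The block also now mixes declarations and statements, which the file does elsewhere, so no change needed there.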
@@ -4080,6 +4144,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -4207,7 +4272,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* For opaque PSKs, we perform the PSK-to-MS derivation atomatically + /* For opaque PSKs, we perform the PSK-to-MS derivation automatically * and skip the intermediate PMS. */ if( ssl_use_opaque_psk( ssl ) == 1 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); @@ -4247,7 +4312,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ if( ssl_use_opaque_psk( ssl ) == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) @@ -4282,7 +4350,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ if( ssl_use_opaque_psk( ssl ) == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif if( p != end ) @@ -4319,7 +4390,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ if( ssl_use_opaque_psk( ssl ) == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, 
@@ -4386,6 +4460,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -4404,6 +4479,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -4597,6 +4673,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/vendor/mbedtls/2.28.0/library/ssl_ticket.c b/vendor/mbedtls/library/ssl_ticket.c similarity index 92% rename from vendor/mbedtls/2.28.0/library/ssl_ticket.c rename to vendor/mbedtls/library/ssl_ticket.c index 046ed1b2ff..8a57789f10 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_ticket.c +++ b/vendor/mbedtls/library/ssl_ticket.c @@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_TICKET_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_ticket.h" @@ -37,7 +31,7 @@ #include /* - * Initialze context + * Initialize context */ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) { @@ -66,6 +60,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) /* * Generate/update a key */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, unsigned char index ) { 
@@ -96,6 +91,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, /* * Rotate/generate keys if necessary */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) { #if !defined(MBEDTLS_HAVE_TIME) 
@@ -150,27 +146,45 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + int do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - /* We don't yet expect to support all ciphers through PSA, - * so allow fallback to ordinary mbedtls_cipher_setup(). */ - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + + switch( ret ) + { + case 0: + do_mbedtls_cipher_setup = 0; + break; + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + /* We don't yet expect to support all ciphers through PSA, + * so allow fallback to ordinary mbedtls_cipher_setup(). */ + do_mbedtls_cipher_setup = 1; + break; + default: + return( ret ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) - return( ret ); + if( do_mbedtls_cipher_setup ) + if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) + != 0 ) + return( ret ); + do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) + do_mbedtls_cipher_setup = 0; + ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, cipher_info, TICKET_AUTH_TAG_BYTES ); if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) return( ret ); if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + do_mbedtls_cipher_setup = 1; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 ) - return( ret ); + if( do_mbedtls_cipher_setup ) + if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) + != 0 ) + return( ret ); if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 ) 
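Review bot: The two ticket-key cipher setups in mbedtls_ssl_ticket_setup now express the same PSA-then-classic fallback in two different shapes: keys[0] uses a `switch( ret )`, keys[1] keeps the old `if`/`if` chain, and both drive a `do_mbedtls_cipher_setup` flag that is set to 1, then 0, then 1 again across `#if` blocks, with the final `if( do_mbedtls_cipher_setup ) if( ... ) return( ret );` being an unbraced nested `if`. The logic is identical for both keys, so it reads more safely as one static helper called twice; the fence sketches it (the helper would sit above mbedtls_ssl_ticket_setup, carrying the same MBEDTLS_CHECK_RETURN_CRITICAL this commit adds to the other statics). mbedtls_ssl_ticket_setup begins before this hunk.
```c
/* Set up one ticket cipher context: prefer the PSA-backed cipher and fall
 * back to mbedtls_cipher_setup() only when PSA lacks this cipher. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_ticket_setup_cipher( mbedtls_cipher_context_t *cipher_ctx,
                                    const mbedtls_cipher_info_t *cipher_info )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    int ret = mbedtls_cipher_setup_psa( cipher_ctx, cipher_info,
                                        TICKET_AUTH_TAG_BYTES );
    if( ret == 0 )
        return( 0 );
    /* We don't yet expect to support all ciphers through PSA,
     * so allow fallback to ordinary mbedtls_cipher_setup(). */
    if( ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
        return( ret );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    return( mbedtls_cipher_setup( cipher_ctx, cipher_info ) );
}

    /* … unchanged: key_bitlen check in mbedtls_ssl_ticket_setup … */
    if( ( ret = ssl_ticket_setup_cipher( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
        ( ret = ssl_ticket_setup_cipher( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
        return( ret );
    /* … unchanged: ssl_ticket_gen_key calls … */
```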
diff --git a/vendor/mbedtls/2.28.0/library/ssl_tls.c b/vendor/mbedtls/library/ssl_tls.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/ssl_tls.c rename to vendor/mbedtls/library/ssl_tls.c index 2e6469de83..70196a4861 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_tls.c +++ b/vendor/mbedtls/library/ssl_tls.c @@ -29,13 +29,7 @@ #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -245,6 +239,7 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, } #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) +MBEDTLS_CHECK_RETURN_CRITICAL static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old ) { unsigned char* resized_buffer = mbedtls_calloc( 1, len_new ); @@ -337,6 +332,7 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, * Key material generation */ #if defined(MBEDTLS_SSL_PROTO_SSL3) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl3_prf( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -398,6 +394,7 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) +MBEDTLS_CHECK_RETURN_CRITICAL static int tls1_prf( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -605,6 +602,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de return( PSA_SUCCESS ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_generic( mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, const char *label, 
@@ -679,6 +677,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, #else /* MBEDTLS_USE_PSA_CRYPTO */ +MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_generic( mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, const char *label, @@ -761,7 +760,9 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, exit: mbedtls_md_free( &md_ctx ); - mbedtls_platform_zeroize( tmp, tmp_len ); + if ( tmp != NULL ) + mbedtls_platform_zeroize( tmp, tmp_len ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); mbedtls_free( tmp ); @@ -770,6 +771,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SHA256_C) +MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_sha256( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -781,6 +783,7 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) +MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_sha384( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -825,6 +828,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char * #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { if( ssl->conf->f_psk != NULL ) @@ -949,6 +953,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], 
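Review bot: The new guard on tls_prf_generic's exit path (hunk `@@ -761,7 +760,9 @@`) is written `if ( tmp != NULL )`, with a space before the parenthesis, while every other conditional in this file, including those added elsewhere in this diff, uses `if(`. Suggest `if( tmp != NULL )`. The guard itself looks right — presumably it covers the early `goto exit` paths on which `tmp` was never allocated, which is not visible in the hunk — and it would be worth a one-line comment saying so, e.g. `/* tmp is NULL on the early-exit paths */`.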
@@ -976,6 +981,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_USE_PSA_CRYPTO) int psa_fallthrough; #endif /* MBEDTLS_USE_PSA_CRYPTO */ + int do_mbedtls_cipher_setup; unsigned char keyblk[256]; unsigned char *key1; unsigned char *key2; @@ -990,6 +996,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \ !defined(MBEDTLS_SSL_EXPORT_KEYS) && \ + !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ !defined(MBEDTLS_DEBUG_C) ssl = NULL; /* make sure we don't use it except for those cases */ (void) ssl; @@ -1353,6 +1360,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } #endif + do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Only use PSA-based ciphers for TLS-1.2. @@ -1361,7 +1369,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, cipher_info, transform->taglen ); @@ -1388,15 +1396,18 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 1 ) + if( psa_fallthrough == 0 ) + do_mbedtls_cipher_setup = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, - cipher_info ) ) != 0 ) + if( do_mbedtls_cipher_setup && + ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); goto end; } + do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Only use PSA-based ciphers for TLS-1.2. * That's relevant at least for TLS-1.0, where 
@@ -1404,7 +1415,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, cipher_info, transform->taglen ); @@ -1431,10 +1442,12 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 1 ) + if( psa_fallthrough == 0 ) + do_mbedtls_cipher_setup = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, - cipher_info ) ) != 0 ) + if( do_mbedtls_cipher_setup && + ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); goto end; @@ -1511,6 +1524,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * Outputs: * - the tls_prf, calc_verify and calc_finished members of handshake structure */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, int minor_ver, mbedtls_md_type_t hash ) @@ -1580,6 +1594,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, * EMS: passed to calc_verify (debug + (SSL3) session_negotiate) * PSA-PSA: minor_ver, conf */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, unsigned char *master, const mbedtls_ssl_context *ssl ) 
@@ -2108,6 +2123,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -2323,6 +2339,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, unsigned char *crt_buf, size_t crt_buf_len ) @@ -2338,6 +2355,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, unsigned char *crt_buf, size_t crt_buf_len ) @@ -2372,6 +2390,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, * Once the certificate message is read, parse it into a cert chain and * perform basic checks, but leave actual verification to the caller */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *chain ) { @@ -2521,6 +2540,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SRV_C) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) @@ -2570,6 +2590,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) */ #define SSL_CERTIFICATE_EXPECTED 0 #define SSL_CERTIFICATE_SKIP 1 +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, int authmode ) { 
@@ -2599,6 +2620,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, return( SSL_CERTIFICATE_EXPECTED ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, int authmode, mbedtls_x509_crt *chain, @@ -2696,7 +2718,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, { const mbedtls_pk_context *pk = &chain->pk; - /* If certificate uses an EC key, make sure the curve is OK */ + /* If certificate uses an EC key, make sure the curve is OK. + * This is a public key, so it can't be opaque, so can_do() is a good + * enough check to ensure pk_ec() is safe to use here. */ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) { @@ -2787,6 +2811,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { @@ -2818,6 +2843,7 @@ static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, return( ret ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { @@ -3388,7 +3414,7 @@ static void ssl_calc_finished_tls_sha384( sha512.state, sizeof( sha512.state ) ); #endif /* mbedtls_sha512_finish_ret's output parameter is declared as a - * 64-byte buffer, but sice we're using SHA-384, we know that the + * 64-byte buffer, but since we're using SHA-384, we know that the * output fits in 48 bytes. This is correct C, but GCC 11.1 warns * about it. */ @@ -3428,7 +3454,7 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) ssl->handshake = NULL; /* - * Free the previous transform and swith in the current one + * Free the previous transform and switch in the current one */ if( ssl->transform ) { 
@@ -3796,6 +3822,7 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) memset( session, 0, sizeof(mbedtls_ssl_session) ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { /* Clear old handshake information if present */ @@ -3873,6 +3900,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /* Dummy cookie callbacks for defaults */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_cookie_write_dummy( void *ctx, unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) @@ -3886,6 +3914,7 @@ static int ssl_cookie_write_dummy( void *ctx, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_cookie_check_dummy( void *ctx, const unsigned char *cookie, size_t cookie_len, const unsigned char *cli_id, size_t cli_id_len ) @@ -4063,9 +4092,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) memset( ssl->out_buf, 0, out_buf_len ); + int clear_in_buf = 1; #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - if( partial == 0 ) + if( partial != 0 ) + clear_in_buf = 0; #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ + if( clear_in_buf ) { ssl->in_left = 0; memset( ssl->in_buf, 0, in_buf_len ); @@ -4102,9 +4134,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) + int free_cli_id = 1; #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - if( partial == 0 ) + if( partial != 0 ) + free_cli_id = 0; #endif + if( free_cli_id ) { mbedtls_free( ssl->cli_id ); ssl->cli_id = NULL; 
@@ -4303,6 +4338,7 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, } /* Append a new keycert entry to a (possibly empty) list */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, mbedtls_x509_crt *cert, mbedtls_pk_context *key ) @@ -4444,7 +4480,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } /* This and the following branch should never - * be taken simultaenously as we maintain the + * be taken simultaneously as we maintain the * invariant that raw and opaque PSKs are never * configured simultaneously. As a safeguard, * though, `else` is omitted here. */ @@ -4471,6 +4507,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) * It checks that the provided identity is well-formed and attempts * to make a copy of it in the SSL config. * On failure, the PSK identity in the config remains unset. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf, unsigned char const *psk_identity, size_t psk_identity_len ) @@ -4632,6 +4669,9 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi_free( &conf->dhm_P ); + mbedtls_mpi_free( &conf->dhm_G ); + if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) { @@ -4647,6 +4687,9 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi_free( &conf->dhm_P ); + mbedtls_mpi_free( &conf->dhm_G ); + if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) { 
@@ -5384,6 +5427,7 @@ static unsigned char ssl_serialized_session_header[] = { * verify_result is put before peer_cert so that all mandatory fields come * together in one block. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_session_save( const mbedtls_ssl_session *session, unsigned char omit_header, unsigned char *buf, @@ -5583,6 +5627,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * This internal version is wrapped by a public function that cleans up in * case of error, and has an extra option omit_header. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_session_load( mbedtls_ssl_session *session, unsigned char omit_header, const unsigned char *buf, @@ -5886,6 +5931,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) /* * Write HelloRequest to request renegotiation on server */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -6298,7 +6344,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - /* Protocol must be DLTS, not TLS */ + /* Protocol must be DTLS, not TLS */ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) ); 
@@ -6473,30 +6519,48 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * Helper to get TLS 1.2 PRF from ciphersuite * (Duplicates bits of logic from ssl_set_handshake_prfs().) */ +#if defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)) typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) { -#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + if( ciphersuite_info == NULL ) + return( NULL ); + +#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 ); -#else - (void) ciphersuite_id; + else #endif - return( tls_prf_sha256 ); +#if defined(MBEDTLS_SHA256_C) + { + if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) + return( tls_prf_sha256 ); + } +#endif +#if !defined(MBEDTLS_SHA256_C) && \ + (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384)) + (void) ciphersuite_info; +#endif + return( NULL ); } +#endif /* MBEDTLS_SHA256_C || + (MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384) */ + /* * Deserialize context, see mbedtls_ssl_context_save() for format. * * This internal version is wrapped by a public function that cleans up in * case of error. */ +MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -6505,6 +6569,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char * const end = buf + len; size_t session_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + tls_prf_fn prf_func = NULL; /* * The context should have been freshly setup or reset. 
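Review bot: In the rewritten ssl_tls12prf_from_cs the `else` on the SHA-384 branch straddles an `#endif`, so its body is supplied by whichever of the following `#if` blocks happens to be compiled in, and the final `(void) ciphersuite_info;` block can never be compiled because the enclosing `#if defined(MBEDTLS_SHA256_C) || ...` added at the top of the hunk excludes that configuration (and `ciphersuite_info` is used by the NULL check in every configuration anyway). Since every branch returns, the `else` and the dead block can go; the fence shows the flat form. The NULL return for an unknown or unsupported ciphersuite is the right call — the caller in ssl_context_load now rejects the serialized context instead of silently picking SHA-256.
```c
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
    const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
        mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
    if( ciphersuite_info == NULL )
        return( NULL );

    /* Each branch returns, so no else is needed and nothing is left
     * dangling when one of the hash modules is compiled out. */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
    if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
        return( tls_prf_sha384 );
#endif
#if defined(MBEDTLS_SHA256_C)
    if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
        return( tls_prf_sha256 );
#endif
    return( NULL );
}
```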
@@ -6592,6 +6657,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->transform_out = ssl->transform; ssl->transform_negotiate = NULL; + prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite ); + if( prf_func == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* Read random bytes and populate structure */ if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -6610,7 +6679,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ZLIB_SUPPORT) ssl->session->compression, #endif - ssl_tls12prf_from_cs( ssl->session->ciphersuite ), + prf_func, p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ ssl->conf->endpoint, @@ -6883,7 +6952,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) } /* - * Initialze mbedtls_ssl_config + * Initialize mbedtls_ssl_config */ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) { @@ -7320,6 +7389,18 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i return( -1 ); } + +/* + * Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve. + */ +int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ) +{ + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_tls_id( tls_id ); + if( curve_info == NULL ) + return( -1 ); + return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) ); +} #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) diff --git a/vendor/mbedtls/2.28.0/library/ssl_tls13_keys.c b/vendor/mbedtls/library/ssl_tls13_keys.c similarity index 97% rename from vendor/mbedtls/2.28.0/library/ssl_tls13_keys.c rename to vendor/mbedtls/library/ssl_tls13_keys.c index 3de6f03fb8..cc68773d3a 100644 --- a/vendor/mbedtls/2.28.0/library/ssl_tls13_keys.c +++ b/vendor/mbedtls/library/ssl_tls13_keys.c 
@@ -24,6 +24,7 @@ #include "mbedtls/hkdf.h" #include "mbedtls/ssl_internal.h" #include "ssl_tls13_keys.h" +#include "psa/crypto_sizes.h" #include #include @@ -31,6 +32,9 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, +#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \ + PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE + struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { /* This seems to work in C, despite the string literal being one @@ -292,8 +296,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; - unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; - unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 }; const mbedtls_md_info_t *md; md = mbedtls_md_info_from_type( hash_alg ); diff --git a/vendor/mbedtls/2.28.0/library/ssl_tls13_keys.h b/vendor/mbedtls/library/ssl_tls13_keys.h similarity index 100% rename from vendor/mbedtls/2.28.0/library/ssl_tls13_keys.h rename to vendor/mbedtls/library/ssl_tls13_keys.h diff --git a/vendor/mbedtls/2.28.0/library/threading.c b/vendor/mbedtls/library/threading.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/threading.c rename to vendor/mbedtls/library/threading.c index 2de117f52a..5e0aaa4f21 100644 --- a/vendor/mbedtls/2.28.0/library/threading.c +++ b/vendor/mbedtls/library/threading.c @@ -113,7 +113,7 @@ int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_ int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread; /* - * With phtreads we can statically initialize mutexes + * With pthreads we can statically initialize mutexes */ #define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 } 
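Review bot: The new `TLS1_3_EVOLVE_INPUT_SIZE` macro in ssl_tls13_keys.c (hunk `@@ -31,6 +32,9 @@`) is not wrapped in an outer pair of parentheses, so its expansion is a bare conditional expression; it is safe in the one use added here, `tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ]`, but any future arithmetic on it (`TLS1_3_EVOLVE_INPUT_SIZE * 2`, `sizeof` comparisons) would bind to the `?:` operands instead. Suggest `#define TLS1_3_EVOLVE_INPUT_SIZE ( ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE )`. A short comment naming why the larger of the two bounds is needed — the input is either a hash-sized secret or a raw key-agreement output — would also help the next reader.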
diff --git a/vendor/mbedtls/2.28.0/library/timing.c b/vendor/mbedtls/library/timing.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/timing.c rename to vendor/mbedtls/library/timing.c index eb41461320..6c14a4fd01 100644 --- a/vendor/mbedtls/2.28.0/library/timing.c +++ b/vendor/mbedtls/library/timing.c @@ -19,12 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif #if defined(MBEDTLS_TIMING_C) @@ -56,15 +51,15 @@ struct _hr_time #include #include -#include #include +/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the + * platform matches the ifdefs above, it will be used. */ #include - +#include struct _hr_time { struct timeval start; }; - #endif /* _WIN32 && !EFIX64 && !EFI32 */ #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ @@ -267,7 +262,7 @@ static void TimerProc( void *TimerContext ) Sleep( alarmMs ); mbedtls_timing_alarmed = 1; /* _endthread will be called implicitly on return - * That ensures execution of thread funcition's epilogue */ + * That ensures execution of thread function's epilogue */ } void mbedtls_set_alarm( int seconds ) @@ -364,7 +359,6 @@ int mbedtls_timing_get_delay( void *data ) return( 0 ); } -#endif /* !MBEDTLS_TIMING_ALT */ #if defined(MBEDTLS_SELF_TEST) @@ -526,5 +520,5 @@ int mbedtls_timing_self_test( int verbose ) } #endif /* MBEDTLS_SELF_TEST */ - +#endif /* !MBEDTLS_TIMING_ALT */ #endif /* MBEDTLS_TIMING_C */ diff --git a/vendor/mbedtls/2.28.0/library/version.c b/vendor/mbedtls/library/version.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/version.c rename to vendor/mbedtls/library/version.c diff --git a/vendor/mbedtls/2.28.0/library/version_features.c b/vendor/mbedtls/library/version_features.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/version_features.c rename to vendor/mbedtls/library/version_features.c 
diff --git a/vendor/mbedtls/2.28.0/library/x509.c b/vendor/mbedtls/library/x509.c similarity index 94% rename from vendor/mbedtls/2.28.0/library/x509.c rename to vendor/mbedtls/library/x509.c index f21e9e6944..54c8666d23 100644 --- a/vendor/mbedtls/2.28.0/library/x509.c +++ b/vendor/mbedtls/library/x509.c @@ -43,16 +43,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" @@ -198,7 +189,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md * * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other - * option. Enfore this at parsing time. + * option. Enforce this at parsing time. */ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, @@ -424,6 +415,11 @@ static int x509_get_attr_type_value( unsigned char **p, * For the general case we still use a flat list, but we mark elements of the * same set so that they are "merged" together in the functions that consume * this list, eg mbedtls_x509_dn_gets(). + * + * On success, this function may allocate a linked list starting at cur->next + * that must later be free'd by the caller using mbedtls_free(). In error + * cases, this function frees all allocated memory internally and the caller + * has no freeing responsibilities. */ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) 
@@ -431,6 +427,8 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t set_len; const unsigned char *end_set; + mbedtls_x509_name *head = cur; + mbedtls_x509_name *prev, *allocated; /* don't use recursion, we'd risk stack overflow if not optimized */ while( 1 ) @@ -440,14 +438,17 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, */ if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ); + goto error; + } end_set = *p + set_len; while( 1 ) { if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) - return( ret ); + goto error; if( *p == end_set ) break; @@ -458,7 +459,10 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + { + ret = MBEDTLS_ERR_X509_ALLOC_FAILED; + goto error; + } cur = cur->next; } @@ -472,10 +476,30 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + { + ret = MBEDTLS_ERR_X509_ALLOC_FAILED; + goto error; + } cur = cur->next; } + +error: + /* Skip the first element as we did not allocate it */ + allocated = head->next; + + while( allocated != NULL ) + { + prev = allocated; + allocated = allocated->next; + + mbedtls_platform_zeroize( prev, sizeof( *prev ) ); + mbedtls_free( prev ); + } + + mbedtls_platform_zeroize( head, sizeof( *head ) ); + + return( ret ); } static int x509_parse_int( unsigned char **p, size_t n, int *res ) 
@@ -741,7 +765,7 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, n; + size_t i, j, n; unsigned char c, merge = 0; const mbedtls_x509_name *name; const char *short_name = NULL; @@ -775,17 +799,24 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) ret = mbedtls_snprintf( p, n, "\?\?=" ); MBEDTLS_X509_SAFE_SNPRINTF; - for( i = 0; i < name->val.len; i++ ) + for( i = 0, j = 0; i < name->val.len; i++, j++ ) { - if( i >= sizeof( s ) - 1 ) - break; + if( j >= sizeof( s ) - 1 ) + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); c = name->val.p[i]; + // Special characters requiring escaping, RFC 1779 + if( c && strchr( ",=+<>#;\"\\", c ) ) + { + if( j + 1 >= sizeof( s ) - 1 ) + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + s[j++] = '\\'; + } if( c < 32 || c >= 127 ) - s[i] = '?'; - else s[i] = c; + s[j] = '?'; + else s[j] = c; } - s[i] = '\0'; + s[j] = '\0'; ret = mbedtls_snprintf( p, n, "%s", s ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/vendor/mbedtls/2.28.0/library/x509_create.c b/vendor/mbedtls/library/x509_create.c similarity index 100% rename from vendor/mbedtls/2.28.0/library/x509_create.c rename to vendor/mbedtls/library/x509_create.c diff --git a/vendor/mbedtls/2.28.0/library/x509_crl.c b/vendor/mbedtls/library/x509_crl.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/x509_crl.c rename to vendor/mbedtls/library/x509_crl.c index ac4fc75de3..b943a8d6da 100644 --- a/vendor/mbedtls/2.28.0/library/x509_crl.c +++ b/vendor/mbedtls/library/x509_crl.c @@ -1,5 +1,5 @@ /* - * X.509 Certidicate Revocation List (CRL) parsing + * X.509 Certificate Revocation List (CRL) parsing * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 
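Review bot: The escaping loop added to mbedtls_x509_dn_gets changes failure behaviour as well as output: where an attribute value no longer fits in `s` the old code silently truncated (`break`), the new code returns MBEDTLS_ERR_X509_BUFFER_TOO_SMALL, so callers that previously got a truncated string now get an error. That is the safer choice for a value that is about to be rendered, but it deserves a line in the function's documentation and in the changelog. Separately, the new `// Special characters requiring escaping, RFC 1779` is the only `//` comment in sight; the file uses block comments, so `/* Special characters requiring escaping, RFC 1779 */` keeps it consistent. mbedtls_x509_dn_gets begins before this hunk.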
@@ -42,21 +42,15 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif +#if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include #else #include #endif +#endif #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) #include diff --git a/vendor/mbedtls/2.28.0/library/x509_crt.c b/vendor/mbedtls/library/x509_crt.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/x509_crt.c rename to vendor/mbedtls/library/x509_crt.c index a6cccf8144..def1414eca 100644 --- a/vendor/mbedtls/2.28.0/library/x509_crt.c +++ b/vendor/mbedtls/library/x509_crt.c @@ -49,25 +49,19 @@ #include "mbedtls/psa_util.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" #endif +#if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include #else #include #endif +#endif #if defined(MBEDTLS_FS_IO) #include @@ -75,6 +69,7 @@ #include #include #include +#include #endif /* !_WIN32 || EFIX64 || EFI32 */ #endif @@ -1263,9 +1258,12 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, } } + int extensions_allowed = 1; #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - if( crt->version == 3 ) + if( crt->version != 3 ) + extensions_allowed = 0; #endif + if( extensions_allowed ) { ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); if( ret != 0 ) 
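Review bot: Removing the `#else` fallback that defined mbedtls_free, mbedtls_calloc and mbedtls_snprintf means a build without MBEDTLS_PLATFORM_C now depends entirely on mbedtls/platform.h providing those names. That header is not in this view, so confirm the vendored platform.h is the matching newer version that supplies the defaults; otherwise x509_crl.c, and the sibling files changed the same way, stop compiling in that configuration. A one-line comment after the include, `/* platform.h supplies mbedtls_free/calloc/snprintf even without MBEDTLS_PLATFORM_C */`, would record the assumption for the next person who sees the fallback is gone.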
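Review bot: `int extensions_allowed = 1;` is declared after executable statements in the middle of x509_crt_parse_der_core (the closing braces above it end earlier parsing code); that is valid C99, but the surrounding code declares locals at the top of the block and a `-Wdeclaration-after-statement` build would warn here. Move the declaration up with the function's other locals (outside this hunk) and keep only the `#if`/assignment at this point. The observable behaviour is unchanged from the old `#if`-wrapped `if( crt->version == 3 )`, so a short comment would help: `/* Extensions are only parsed for v3 certificates unless MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 is set */`. The function begins and ends outside this hunk.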
@@ -1638,8 +1636,22 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) } else if( stat( entry_name, &sb ) == -1 ) { - ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; - goto cleanup; + if( errno == ENOENT ) + { + /* Broken symbolic link - ignore this entry. + stat(2) will return this error for either (a) a dangling + symlink or (b) a missing file. + Given that we have just obtained the filename from readdir, + assume that it does exist and therefore treat this as a + dangling symlink. */ + continue; + } + else + { + /* Some other file error; report the error. */ + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } } if( !S_ISREG( sb.st_mode ) ) @@ -1768,6 +1780,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, const char *prefix ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; @@ -1820,18 +1833,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; - if( other_name->value.hardware_module_name.val.len >= n ) + for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] ); + MBEDTLS_X509_SAFE_SNPRINTF; } - - memcpy( p, other_name->value.hardware_module_name.val.p, - other_name->value.hardware_module_name.val.len ); - p += other_name->value.hardware_module_name.val.len; - - n -= other_name->value.hardware_module_name.val.len; - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ } break; diff --git a/vendor/mbedtls/2.28.0/library/x509_csr.c b/vendor/mbedtls/library/x509_csr.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/x509_csr.c rename to vendor/mbedtls/library/x509_csr.c index e259410d07..1a22b77086 100644 
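Review bot: The ENOENT branch silently drops the directory entry, and the comment's justification ("we just got the name from readdir, so it exists") is weaker than it reads: stat() returns the same errno when the file is removed between readdir() and stat(), so this is really "vanished or dangling — skip". Reword the comment to say so, e.g. `/* ENOENT here means a dangling symlink or a file removed since readdir(); neither is a certificate, so skip it rather than fail the whole directory. */`, and consider whether a skipped entry should be visible to the caller, since as far as this hunk shows the return value only reflects certificates that failed to parse — a missing CA in a trust store would go unnoticed. If the distinction matters, `lstat()` succeeding with S_ISLNK would confirm the dangling-symlink case before ignoring it. mbedtls_x509_crt_parse_path begins and ends outside this hunk.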
--- a/vendor/mbedtls/2.28.0/library/x509_csr.c +++ b/vendor/mbedtls/library/x509_csr.c @@ -42,15 +42,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) #include diff --git a/vendor/mbedtls/2.28.0/library/x509write_crt.c b/vendor/mbedtls/library/x509write_crt.c similarity index 99% rename from vendor/mbedtls/2.28.0/library/x509write_crt.c rename to vendor/mbedtls/library/x509write_crt.c index 184c90cd33..0c5e991834 100644 --- a/vendor/mbedtls/2.28.0/library/x509write_crt.c +++ b/vendor/mbedtls/library/x509write_crt.c @@ -299,7 +299,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) + if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, (const unsigned char *) t + 2, diff --git a/vendor/mbedtls/2.28.0/library/x509write_csr.c b/vendor/mbedtls/library/x509write_csr.c similarity index 98% rename from vendor/mbedtls/2.28.0/library/x509write_csr.c rename to vendor/mbedtls/library/x509write_csr.c index afda950341..707dd001f0 100644 --- a/vendor/mbedtls/2.28.0/library/x509write_csr.c +++ b/vendor/mbedtls/library/x509write_csr.c @@ -44,13 +44,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { diff --git a/vendor/mbedtls/2.28.0/library/xtea.c b/vendor/mbedtls/library/xtea.c similarity index 96% rename from vendor/mbedtls/2.28.0/library/xtea.c rename to vendor/mbedtls/library/xtea.c index 77f6cb6f67..28e6972aa8 100644 
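Review bot: `t[0] < '2'` admits every year below 2000 into the UTCTime branch, but a UTCTime two-digit year only represents 1950–2049 (RFC 5280 §4.1.2.5.1: YY >= 50 means 19YY, otherwise 20YY), so a date before 1950 would be encoded as UTCTime and read back 100 years later. Tighten the condition to the representable range, `if( ( t[0] == '1' && t[1] == '9' && t[2] >= '5' ) || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) )`, and update the comment above it to "write MBEDTLS_ASN1_UTC_TIME if 1950 <= year < 2050", leaving earlier dates to the GeneralizedTime branch. This assumes `t` carries a four-digit year at t[0..3], which x509_write_time appears to format outside the visible hunk.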
--- a/vendor/mbedtls/2.28.0/library/xtea.c +++ b/vendor/mbedtls/library/xtea.c @@ -1,5 +1,5 @@ /* - * An 32-bit implementation of the XTEA algorithm + * A 32-bit implementation of the XTEA algorithm * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -26,14 +26,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_XTEA_ALT) diff --git a/vendor/mbedtls/premake5.lua b/vendor/mbedtls/premake5.lua index ab58650677..f37fe00355 100644 --- a/vendor/mbedtls/premake5.lua +++ b/vendor/mbedtls/premake5.lua 
@@ -3,257 +3,258 @@ project "mbedtls" kind "StaticLib" includedirs { - "2.28.0/configs", - "2.28.0/include", - "2.28.0/library", - "2.28.0/3rdparty/everest/include", - "2.28.0/3rdparty/everest/include/everest", - "2.28.0/3rdparty/everest/include/everest/kremlib", + "configs", + "include", + "library", + "3rdparty/everest/include", + "3rdparty/everest/include/everest", + "3rdparty/everest/include/everest/kremlib", } files { - "2.28.0/3rdparty/everest/include/everest/everest.h", - "2.28.0/3rdparty/everest/include/everest/Hacl_Curve25519.h", - "2.28.0/3rdparty/everest/include/everest/kremlib.h", - "2.28.0/3rdparty/everest/include/everest/x25519.h", - "2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h", - "2.28.0/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/c_endianness.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/builtin.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/callconv.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/compat.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/debug.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/target.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/types.h", - "2.28.0/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h", - "2.28.0/3rdparty/everest/library/everest.c", - "2.28.0/3rdparty/everest/library/Hacl_Curve25519_joined.c", - "2.28.0/3rdparty/everest/library/x25519.c", - "2.28.0/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c", - "2.28.0/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c", - "2.28.0/3rdparty/everest/library/legacy/Hacl_Curve25519.c", - "2.28.0/configs/config-ccm-psk-tls1_2.h", - "2.28.0/configs/config-mini-tls1_1.h", - "2.28.0/configs/config-no-entropy.h", - "2.28.0/configs/config-suite-b.h", - "2.28.0/configs/config-symmetric-only.h", - 
"2.28.0/configs/config-thread.h", - "2.28.0/include/mbedtls/aes.h", - "2.28.0/include/mbedtls/aesni.h", - "2.28.0/include/mbedtls/arc4.h", - "2.28.0/include/mbedtls/aria.h", - "2.28.0/include/mbedtls/asn1.h", - "2.28.0/include/mbedtls/asn1write.h", - "2.28.0/include/mbedtls/base64.h", - "2.28.0/include/mbedtls/bignum.h", - "2.28.0/include/mbedtls/blowfish.h", - "2.28.0/include/mbedtls/bn_mul.h", - "2.28.0/include/mbedtls/camellia.h", - "2.28.0/include/mbedtls/ccm.h", - "2.28.0/include/mbedtls/certs.h", - "2.28.0/include/mbedtls/chacha20.h", - "2.28.0/include/mbedtls/chachapoly.h", - "2.28.0/include/mbedtls/check_config.h", - "2.28.0/include/mbedtls/cipher.h", - "2.28.0/include/mbedtls/cipher_internal.h", - "2.28.0/include/mbedtls/cmac.h", - "2.28.0/include/mbedtls/compat-1.3.h", - "2.28.0/include/mbedtls/config.h", - "2.28.0/include/mbedtls/config_psa.h", - "2.28.0/include/mbedtls/constant_time.h", - "2.28.0/include/mbedtls/ctr_drbg.h", - "2.28.0/include/mbedtls/debug.h", - "2.28.0/include/mbedtls/des.h", - "2.28.0/include/mbedtls/dhm.h", - "2.28.0/include/mbedtls/ecdh.h", - "2.28.0/include/mbedtls/ecdsa.h", - "2.28.0/include/mbedtls/ecjpake.h", - "2.28.0/include/mbedtls/ecp.h", - "2.28.0/include/mbedtls/ecp_internal.h", - "2.28.0/include/mbedtls/entropy.h", - "2.28.0/include/mbedtls/entropy_poll.h", - "2.28.0/include/mbedtls/error.h", - "2.28.0/include/mbedtls/gcm.h", - "2.28.0/include/mbedtls/havege.h", - "2.28.0/include/mbedtls/hkdf.h", - "2.28.0/include/mbedtls/hmac_drbg.h", - "2.28.0/include/mbedtls/md.h", - "2.28.0/include/mbedtls/md2.h", - "2.28.0/include/mbedtls/md4.h", - "2.28.0/include/mbedtls/md5.h", - "2.28.0/include/mbedtls/md_internal.h", - "2.28.0/include/mbedtls/memory_buffer_alloc.h", - "2.28.0/include/mbedtls/net.h", - "2.28.0/include/mbedtls/net_sockets.h", - "2.28.0/include/mbedtls/nist_kw.h", - "2.28.0/include/mbedtls/oid.h", - "2.28.0/include/mbedtls/padlock.h", - "2.28.0/include/mbedtls/pem.h", - "2.28.0/include/mbedtls/pk.h", - 
"2.28.0/include/mbedtls/pkcs11.h", - "2.28.0/include/mbedtls/pkcs12.h", - "2.28.0/include/mbedtls/pkcs5.h", - "2.28.0/include/mbedtls/pk_internal.h", - "2.28.0/include/mbedtls/platform.h", - "2.28.0/include/mbedtls/platform_time.h", - "2.28.0/include/mbedtls/platform_util.h", - "2.28.0/include/mbedtls/poly1305.h", - "2.28.0/include/mbedtls/psa_util.h", - "2.28.0/include/mbedtls/ripemd160.h", - "2.28.0/include/mbedtls/rsa.h", - "2.28.0/include/mbedtls/rsa_internal.h", - "2.28.0/include/mbedtls/sha1.h", - "2.28.0/include/mbedtls/sha256.h", - "2.28.0/include/mbedtls/sha512.h", - "2.28.0/include/mbedtls/ssl.h", - "2.28.0/include/mbedtls/ssl_cache.h", - "2.28.0/include/mbedtls/ssl_ciphersuites.h", - "2.28.0/include/mbedtls/ssl_cookie.h", - "2.28.0/include/mbedtls/ssl_internal.h", - "2.28.0/include/mbedtls/ssl_ticket.h", - "2.28.0/include/mbedtls/threading.h", - "2.28.0/include/mbedtls/timing.h", - "2.28.0/include/mbedtls/version.h", - "2.28.0/include/mbedtls/x509.h", - "2.28.0/include/mbedtls/x509_crl.h", - "2.28.0/include/mbedtls/x509_crt.h", - "2.28.0/include/mbedtls/x509_csr.h", - "2.28.0/include/mbedtls/xtea.h", - "2.28.0/include/psa/crypto.h", - "2.28.0/include/psa/crypto_builtin_composites.h", - "2.28.0/include/psa/crypto_builtin_primitives.h", - "2.28.0/include/psa/crypto_compat.h", - "2.28.0/include/psa/crypto_config.h", - "2.28.0/include/psa/crypto_driver_common.h", - "2.28.0/include/psa/crypto_driver_contexts_composites.h", - "2.28.0/include/psa/crypto_driver_contexts_primitives.h", - "2.28.0/include/psa/crypto_extra.h", - "2.28.0/include/psa/crypto_platform.h", - "2.28.0/include/psa/crypto_se_driver.h", - "2.28.0/include/psa/crypto_sizes.h", - "2.28.0/include/psa/crypto_struct.h", - "2.28.0/include/psa/crypto_types.h", - "2.28.0/include/psa/crypto_values.h", - "2.28.0/library/aes.c", - "2.28.0/library/aesni.c", - "2.28.0/library/arc4.c", - "2.28.0/library/aria.c", - "2.28.0/library/asn1parse.c", - "2.28.0/library/asn1write.c", - "2.28.0/library/base64.c", - 
"2.28.0/library/bignum.c", - "2.28.0/library/blowfish.c", - "2.28.0/library/camellia.c", - "2.28.0/library/ccm.c", - "2.28.0/library/certs.c", - "2.28.0/library/chacha20.c", - "2.28.0/library/chachapoly.c", - "2.28.0/library/check_crypto_config.h", - "2.28.0/library/cipher.c", - "2.28.0/library/cipher_wrap.c", - "2.28.0/library/cmac.c", - "2.28.0/library/common.h", - "2.28.0/library/constant_time.c", - "2.28.0/library/constant_time_internal.h", - "2.28.0/library/constant_time_invasive.h", - "2.28.0/library/ctr_drbg.c", - "2.28.0/library/debug.c", - "2.28.0/library/des.c", - "2.28.0/library/dhm.c", - "2.28.0/library/ecdh.c", - "2.28.0/library/ecdsa.c", - "2.28.0/library/ecjpake.c", - "2.28.0/library/ecp.c", - "2.28.0/library/ecp_curves.c", - "2.28.0/library/ecp_invasive.h", - "2.28.0/library/entropy.c", - "2.28.0/library/entropy_poll.c", - "2.28.0/library/error.c", - "2.28.0/library/gcm.c", - "2.28.0/library/havege.c", - "2.28.0/library/hkdf.c", - "2.28.0/library/hmac_drbg.c", - "2.28.0/library/md.c", - "2.28.0/library/md2.c", - "2.28.0/library/md4.c", - "2.28.0/library/md5.c", - "2.28.0/library/memory_buffer_alloc.c", - "2.28.0/library/mps_common.h", - "2.28.0/library/mps_error.h", - "2.28.0/library/mps_reader.c", - "2.28.0/library/mps_reader.h", - "2.28.0/library/mps_trace.c", - "2.28.0/library/mps_trace.h", - "2.28.0/library/net_sockets.c", - "2.28.0/library/nist_kw.c", - "2.28.0/library/oid.c", - "2.28.0/library/padlock.c", - "2.28.0/library/pem.c", - "2.28.0/library/pk.c", - "2.28.0/library/pkcs11.c", - "2.28.0/library/pkcs12.c", - "2.28.0/library/pkcs5.c", - "2.28.0/library/pkparse.c", - "2.28.0/library/pkwrite.c", - "2.28.0/library/pk_wrap.c", - "2.28.0/library/platform.c", - "2.28.0/library/platform_util.c", - "2.28.0/library/poly1305.c", - "2.28.0/library/psa_crypto.c", - "2.28.0/library/psa_crypto_aead.c", - "2.28.0/library/psa_crypto_aead.h", - "2.28.0/library/psa_crypto_cipher.c", - "2.28.0/library/psa_crypto_cipher.h", - 
"2.28.0/library/psa_crypto_client.c", - "2.28.0/library/psa_crypto_core.h", - "2.28.0/library/psa_crypto_driver_wrappers.c", - "2.28.0/library/psa_crypto_driver_wrappers.h", - "2.28.0/library/psa_crypto_ecp.c", - "2.28.0/library/psa_crypto_ecp.h", - "2.28.0/library/psa_crypto_hash.c", - "2.28.0/library/psa_crypto_hash.h", - "2.28.0/library/psa_crypto_invasive.h", - "2.28.0/library/psa_crypto_its.h", - "2.28.0/library/psa_crypto_mac.c", - "2.28.0/library/psa_crypto_mac.h", - "2.28.0/library/psa_crypto_random_impl.h", - "2.28.0/library/psa_crypto_rsa.c", - "2.28.0/library/psa_crypto_rsa.h", - "2.28.0/library/psa_crypto_se.c", - "2.28.0/library/psa_crypto_se.h", - "2.28.0/library/psa_crypto_slot_management.c", - "2.28.0/library/psa_crypto_slot_management.h", - "2.28.0/library/psa_crypto_storage.c", - "2.28.0/library/psa_crypto_storage.h", - "2.28.0/library/psa_its_file.c", - "2.28.0/library/ripemd160.c", - "2.28.0/library/rsa.c", - "2.28.0/library/rsa_internal.c", - "2.28.0/library/sha1.c", - "2.28.0/library/sha256.c", - "2.28.0/library/sha512.c", - "2.28.0/library/ssl_cache.c", - "2.28.0/library/ssl_ciphersuites.c", - "2.28.0/library/ssl_cli.c", - "2.28.0/library/ssl_cookie.c", - "2.28.0/library/ssl_msg.c", - "2.28.0/library/ssl_srv.c", - "2.28.0/library/ssl_ticket.c", - "2.28.0/library/ssl_tls.c", - "2.28.0/library/ssl_tls13_keys.c", - "2.28.0/library/ssl_tls13_keys.h", - "2.28.0/library/threading.c", - "2.28.0/library/timing.c", - "2.28.0/library/version.c", - "2.28.0/library/version_features.c", - "2.28.0/library/x509.c", - "2.28.0/library/x509write_crt.c", - "2.28.0/library/x509write_csr.c", - "2.28.0/library/x509_create.c", - "2.28.0/library/x509_crl.c", - "2.28.0/library/x509_crt.c", - "2.28.0/library/x509_csr.c", - "2.28.0/library/xtea.c", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/Hacl_Curve25519.h", + "3rdparty/everest/include/everest/kremlib.h", + "3rdparty/everest/include/everest/x25519.h", + 
"3rdparty/everest/include/everest/kremlib/FStar_UInt128.h", + "3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h", + "3rdparty/everest/include/everest/kremlin/c_endianness.h", + "3rdparty/everest/include/everest/kremlin/internal/builtin.h", + "3rdparty/everest/include/everest/kremlin/internal/callconv.h", + "3rdparty/everest/include/everest/kremlin/internal/compat.h", + "3rdparty/everest/include/everest/kremlin/internal/debug.h", + "3rdparty/everest/include/everest/kremlin/internal/target.h", + "3rdparty/everest/include/everest/kremlin/internal/types.h", + "3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h", + "3rdparty/everest/library/everest.c", + "3rdparty/everest/library/Hacl_Curve25519_joined.c", + "3rdparty/everest/library/x25519.c", + "3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c", + "3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c", + "3rdparty/everest/library/legacy/Hacl_Curve25519.c", + "configs/config-ccm-psk-dtls1_2.h", + "configs/config-ccm-psk-tls1_2.h", + "configs/config-mini-tls1_1.h", + "configs/config-no-entropy.h", + "configs/config-suite-b.h", + "configs/config-symmetric-only.h", + "configs/config-thread.h", + "include/mbedtls/aes.h", + "include/mbedtls/aesni.h", + "include/mbedtls/arc4.h", + "include/mbedtls/aria.h", + "include/mbedtls/asn1.h", + "include/mbedtls/asn1write.h", + "include/mbedtls/base64.h", + "include/mbedtls/bignum.h", + "include/mbedtls/blowfish.h", + "include/mbedtls/bn_mul.h", + "include/mbedtls/camellia.h", + "include/mbedtls/ccm.h", + "include/mbedtls/certs.h", + "include/mbedtls/chacha20.h", + "include/mbedtls/chachapoly.h", + "include/mbedtls/check_config.h", + "include/mbedtls/cipher.h", + "include/mbedtls/cipher_internal.h", + "include/mbedtls/cmac.h", + "include/mbedtls/compat-1.3.h", + "include/mbedtls/config.h", + "include/mbedtls/config_psa.h", + "include/mbedtls/constant_time.h", + 
"include/mbedtls/ctr_drbg.h", + "include/mbedtls/debug.h", + "include/mbedtls/des.h", + "include/mbedtls/dhm.h", + "include/mbedtls/ecdh.h", + "include/mbedtls/ecdsa.h", + "include/mbedtls/ecjpake.h", + "include/mbedtls/ecp.h", + "include/mbedtls/ecp_internal.h", + "include/mbedtls/entropy.h", + "include/mbedtls/entropy_poll.h", + "include/mbedtls/error.h", + "include/mbedtls/gcm.h", + "include/mbedtls/havege.h", + "include/mbedtls/hkdf.h", + "include/mbedtls/hmac_drbg.h", + "include/mbedtls/md.h", + "include/mbedtls/md2.h", + "include/mbedtls/md4.h", + "include/mbedtls/md5.h", + "include/mbedtls/md_internal.h", + "include/mbedtls/memory_buffer_alloc.h", + "include/mbedtls/net.h", + "include/mbedtls/net_sockets.h", + "include/mbedtls/nist_kw.h", + "include/mbedtls/oid.h", + "include/mbedtls/padlock.h", + "include/mbedtls/pem.h", + "include/mbedtls/pk.h", + "include/mbedtls/pkcs11.h", + "include/mbedtls/pkcs12.h", + "include/mbedtls/pkcs5.h", + "include/mbedtls/pk_internal.h", + "include/mbedtls/platform.h", + "include/mbedtls/platform_time.h", + "include/mbedtls/platform_util.h", + "include/mbedtls/poly1305.h", + "include/mbedtls/psa_util.h", + "include/mbedtls/ripemd160.h", + "include/mbedtls/rsa.h", + "include/mbedtls/rsa_internal.h", + "include/mbedtls/sha1.h", + "include/mbedtls/sha256.h", + "include/mbedtls/sha512.h", + "include/mbedtls/ssl.h", + "include/mbedtls/ssl_cache.h", + "include/mbedtls/ssl_ciphersuites.h", + "include/mbedtls/ssl_cookie.h", + "include/mbedtls/ssl_internal.h", + "include/mbedtls/ssl_ticket.h", + "include/mbedtls/threading.h", + "include/mbedtls/timing.h", + "include/mbedtls/version.h", + "include/mbedtls/x509.h", + "include/mbedtls/x509_crl.h", + "include/mbedtls/x509_crt.h", + "include/mbedtls/x509_csr.h", + "include/mbedtls/xtea.h", + "include/psa/crypto.h", + "include/psa/crypto_builtin_composites.h", + "include/psa/crypto_builtin_primitives.h", + "include/psa/crypto_compat.h", + "include/psa/crypto_config.h", + 
"include/psa/crypto_driver_common.h", + "include/psa/crypto_driver_contexts_composites.h", + "include/psa/crypto_driver_contexts_primitives.h", + "include/psa/crypto_extra.h", + "include/psa/crypto_platform.h", + "include/psa/crypto_se_driver.h", + "include/psa/crypto_sizes.h", + "include/psa/crypto_struct.h", + "include/psa/crypto_types.h", + "include/psa/crypto_values.h", + "library/aes.c", + "library/aesni.c", + "library/arc4.c", + "library/aria.c", + "library/asn1parse.c", + "library/asn1write.c", + "library/base64.c", + "library/bignum.c", + "library/blowfish.c", + "library/camellia.c", + "library/ccm.c", + "library/certs.c", + "library/chacha20.c", + "library/chachapoly.c", + "library/check_crypto_config.h", + "library/cipher.c", + "library/cipher_wrap.c", + "library/cmac.c", + "library/common.h", + "library/constant_time.c", + "library/constant_time_internal.h", + "library/constant_time_invasive.h", + "library/ctr_drbg.c", + "library/debug.c", + "library/des.c", + "library/dhm.c", + "library/ecdh.c", + "library/ecdsa.c", + "library/ecjpake.c", + "library/ecp.c", + "library/ecp_curves.c", + "library/ecp_invasive.h", + "library/entropy.c", + "library/entropy_poll.c", + "library/error.c", + "library/gcm.c", + "library/havege.c", + "library/hkdf.c", + "library/hmac_drbg.c", + "library/md.c", + "library/md2.c", + "library/md4.c", + "library/md5.c", + "library/memory_buffer_alloc.c", + "library/mps_common.h", + "library/mps_error.h", + "library/mps_reader.c", + "library/mps_reader.h", + "library/mps_trace.c", + "library/mps_trace.h", + "library/net_sockets.c", + "library/nist_kw.c", + "library/oid.c", + "library/padlock.c", + "library/pem.c", + "library/pk.c", + "library/pkcs11.c", + "library/pkcs12.c", + "library/pkcs5.c", + "library/pkparse.c", + "library/pkwrite.c", + "library/pk_wrap.c", + "library/platform.c", + "library/platform_util.c", + "library/poly1305.c", + "library/psa_crypto.c", + "library/psa_crypto_aead.c", + "library/psa_crypto_aead.h", + 
"library/psa_crypto_cipher.c", + "library/psa_crypto_cipher.h", + "library/psa_crypto_client.c", + "library/psa_crypto_core.h", + "library/psa_crypto_driver_wrappers.c", + "library/psa_crypto_driver_wrappers.h", + "library/psa_crypto_ecp.c", + "library/psa_crypto_ecp.h", + "library/psa_crypto_hash.c", + "library/psa_crypto_hash.h", + "library/psa_crypto_invasive.h", + "library/psa_crypto_its.h", + "library/psa_crypto_mac.c", + "library/psa_crypto_mac.h", + "library/psa_crypto_random_impl.h", + "library/psa_crypto_rsa.c", + "library/psa_crypto_rsa.h", + "library/psa_crypto_se.c", + "library/psa_crypto_se.h", + "library/psa_crypto_slot_management.c", + "library/psa_crypto_slot_management.h", + "library/psa_crypto_storage.c", + "library/psa_crypto_storage.h", + "library/psa_its_file.c", + "library/ripemd160.c", + "library/rsa.c", + "library/rsa_internal.c", + "library/sha1.c", + "library/sha256.c", + "library/sha512.c", + "library/ssl_cache.c", + "library/ssl_ciphersuites.c", + "library/ssl_cli.c", + "library/ssl_cookie.c", + "library/ssl_msg.c", + "library/ssl_srv.c", + "library/ssl_ticket.c", + "library/ssl_tls.c", + "library/ssl_tls13_keys.c", + "library/ssl_tls13_keys.h", + "library/threading.c", + "library/timing.c", + "library/version.c", + "library/version_features.c", + "library/x509.c", + "library/x509write_crt.c", + "library/x509write_csr.c", + "library/x509_create.c", + "library/x509_crl.c", + "library/x509_crt.c", + "library/x509_csr.c", + "library/xtea.c", } defines {